A FRONT RUNNER IN CYBER SECURITY FOR 30 YEARS

ANNUAL REPORT 2017 A FRONT RUNNER IN CYBER SECURITY FOR 30 YEARS


Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers. Founded in 1988, F-Secure is listed on the Nasdaq Helsinki.

CONTENTS

WE ARE F-SECURE

01
Key figures 2017
F-Secure in brief
CEO letter

02
Board of Directors’ Report 2017
Key figures
Calculation of key ratios

03
FINANCIAL STATEMENTS

F-SECURE CONSOLIDATED
Statement of comprehensive income
Statement of financial position
Statement of cash flows
Statement of changes in equity
Notes to the Financial Statements

F-SECURE CORPORATION
Income statement
Balance sheet
Cash flow statement
Notes to the parent company Financial Statements

Auditor’s Report

04
Statement of non-financial information

05
F-Secure’s Corporate Governance Statement
Board of directors
Leadership team

06
Information for shareholders


F-SECURE 2017

KEY FIGURES 2017

Revenues MEUR 169.7
Operating profit MEUR 11.1
Earnings per share EUR 0.07
Dividend per share* EUR 0.04
Cash flow from operations MEUR 26.0
Equity ratio 61%
Personnel 1,104

Revenue split by region 2017, %: Nordics 37%, Rest of Europe 41%, North America 10%, Rest of the world 12%

[Chart: Revenues and operating profit 2013–2017, MEUR (revenue, operating profit, operating profit margin)]

[Chart: Revenue split by business 2017, MEUR (corporate security, consumer security)]

[Chart: Revenues and operating profit by quarters 2017, MEUR (revenue, operating profit, operating profit margin)]

* Board proposal to the Annual General Meeting


For 30 years, F-Secure has driven innovation in cyber security. We defend tens of thousands of companies and millions of people around the world through our network of over 200 telecommunications operators and thousands of IT service and retail partners. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the industry.

A FRONTRUNNER IN CYBER SECURITY

F-SECURE IN BRIEF

LET US IN. KEEP THEM OUT.

Digitalization continues to increase cyber threats

Due to the explosive growth in the number of internet-connected devices both in business and in our private lives, society expects services and data to be accessible everywhere and on any device. Online business services are becoming the de-facto standard, but at the same time online crime has become ever present and globally connected.

As cyber threats grow in number, they also evolve in scope and sophistication. Protecting people and organizations from new types of attacks, as well as securing new areas of technology and business, requires a move away from single solutions towards a broader cyber security portfolio.

Comprehensive offering for consumers and businesses

F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. It covers all aspects of cyber security: prediction, prevention, detection and response.

In February 2017, F-Secure won the Best Protection award from the AV-TEST Institute for superior protection technology throughout 2016. The win makes F-Secure a five-time winner of the award, and it’s the only company in the history of AV-TEST to achieve such a distinction.


Our security advisory services help businesses analyze and predict threats. Our vulnerability assessment and management solution (F-Secure Radar) is an invaluable tool in spotting weaknesses and helping corporate customers fulfil their compliance needs. Our detection solution (Rapid Detection Service) enables companies to realize they’ve been breached in minutes instead of months. And for customers who have already been breached, F-Secure offers forensics and incident response services to enable swift recovery. In 2018, we look forward to launching our new fully automated Endpoint Detection & Response solution (EDR).

F-Secure’s security solutions for endpoints (Protection Services for Business, Business Suite) feature multiple layers of protection technology to efficiently and effectively block zero day and advanced attacks. Our solutions also enable an additional layer of security for cloud platforms (e.g. F-Secure Cloud Protection for Salesforce).

For consumers, we offer total security and privacy to all connected devices (F-Secure TOTAL, F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE, F-Secure KEY). F-Secure helps people secure their devices and connections, protect their online life and enjoy it to the fullest without the fear of unwanted tracking, profiling or information theft.

Our strategy is driven by our aspiration to grow

We are transforming from an endpoint protection company to a cyber security leader with a broader set of products and services. As F-Secure seeks to accelerate growth, we continue to focus growth investments in corporate security.

We provide best-in-class services and solutions to the mid-market, especially for customers seeking to buy prevention, detection and response as a service. We foresee the market moving towards managed endpoint security, and see especially strong growth in detection and response services. As we expand our product and service offering, we are also making it more integrated in order to offer efficient and comprehensive turn-key solutions to our customers and partners.

Our business model

100,000 companies

Tens of millions of consumers

Hundreds of large enterprises

IT RESELLERS 6,000+

OPERATORS 200+ globally

CYBER SECURITY SERVICES

RETAILERS AND WEBSHOPS

CORPORATE SECURITY PRODUCTS & SERVICES

CONSUMER SECURITY PRODUCTS

OUR APPROACH TO CYBER SECURITY

Cyber security moves too fast for silver bullets. It takes a combination of the latest human expertise and continuously improving technology to comprehensively predict, prevent, detect and respond to breaches.

Understand your attack surface

Understanding your risk starts by mapping your attack surface – across systems, infrastructure and even third parties – and regularly scanning it for vulnerabilities.

React to incidents and breaches

It takes IT forensic expertise to understand how the attackers got in and which systems and data were compromised. It also takes experience to know exactly how to react to the attack: how to escalate the issue, isolate corrupted machines, manage communications and remediate the damage.

Minimize your attack surface

This is where tried and tested endpoint protection tools and best practices come in – system hardening, firewall configurations, reputation analysis, access controls, antivirus scanning and automated patch management. With modern endpoint protection tools, you get smarter prevention capabilities including behavioral analytics, which are capable of blocking 0-day malware.

Recognize incidents and breaches

Using technology and human expertise to monitor your attack surface and heuristically detect, block and isolate suspicious behavior, it becomes possible to reduce harmful dwell time – the time it takes before a breach is detected.

LIVE SECURITY: PREDICT, PREVENT, DETECT, RESPOND


Since the company was founded 30 years ago, F-Secure has been driving innovation in cyber security. Many key security features that are considered necessities in today’s cyber security products were originally developed at F-Secure Labs in Helsinki. We continue to be a visionary in the industry, offering enterprise-grade cyber security products and services for companies, and peace of mind for consumers globally. In a world immersed in digitalization, cyber security can mean the difference between failure and success. Protecting our customers, we know that we are making a difference for millions of consumers and tens of thousands of businesses every single day.

THERE’S A NEED FOR SPEED IN DETECTING AND REACTING TO CYBER ATTACKS

Samu Konttinen

CEO LETTER

The cyber security industry has never stopped evolving. What started in the 1990’s as a sport for amateurs, has evolved into a serious business for organized crime and a theater for cyberwar between nation states. While malware was once created to achieve fame, today cyber attacks are chiefly motivated by financial or political gain.

For businesses, breaches are becoming even more crucial to prevent and manage. Last year’s outbreaks of NotPetya and WannaCry again demonstrated how hacks can result in losses of hundreds of millions of euros, while doing catastrophic damage to brands. Additional pressure for increased resilience is coming from tightening regulation. This year the European General Data Protection Regulation (GDPR) will have a transformative effect on the way companies are required to manage and secure personal data. Among other things, companies must be able to notify the authorities once they have been breached.


In an environment like this, it’s troubling to know that only a fraction of companies have successfully deployed modern detection systems, which are vital for ensuring rapid response to threats. Preventive measures can help avoid much harm from cyber threats, but more work is needed to improve detection capabilities, as breaches are bound to happen. In addition to new technical solutions, companies will need human expertise. Already today, there is a huge demand for prospective defenders. A recent report projects there will be 3.5 million vacant cyber security positions by the year 2021. Hundreds of thousands of those positions will be in Europe.

Enterprise-grade cyber security for the mid-market

As over the past three decades the cyber security industry has continually evolved, F-Secure has also continuously reinvented itself to match the needs of customers. We find ourselves again in the midst of such a transition. A transformation from an endpoint protection company into a provider of a broad offering of cyber security products and services.

F-Secure is focused on offering enterprise-grade solutions for the mid-market. Our solutions and services match the security needs of even the most demanding large corporations, but we have especially tailored them into comprehensive turn-key solutions for medium-sized companies and local enterprises. Through our extensive network of thousands of trusted partners we are able to reach out to companies globally. And while our focus is on corporate security, the shared technological platform behind all our products ensures that the solutions we develop for demanding corporate customers also end up benefiting the consumer customers for whom we provide security and privacy products for all connected devices.

Our product and service offering for businesses has never been more extensive. In addition to vulnerability management and award-winning endpoint security solutions, we have recently introduced cutting edge solutions for detection and response. While we are focused on product sales, we also have a strong service arm, and provide a vast range of best-in-class professional services from incident response, forensics and red teaming to security and risk management. Our unique combination of man and machine offers us clear competitive advantages, supporting product development and creating increased potential for cross-selling.

2017: Another strong year

Throughout 2017, we continued to win market share and push our new corporate security solutions to key markets in Europe and elsewhere. While our corporate endpoint protection business showed good growth, I was particularly pleased with the progress we made with Rapid Detection Service - our managed service designed to detect even the most skillful attackers. We only recently began offering this solution, but we have already won many customers in demanding verticals – including finance, energy, media and IT – in European key markets. To further boost growth, this year we will launch a new fully automated Endpoint Detection and Response solution, which will increase our ability to scale much needed detection capabilities for small and medium sized companies.

“We continued to win market share and push our new corporate security solutions to key markets in Europe and elsewhere.”

Another strong growth driver has been our professional services, where we continue to see very strong demand. Last quarter, we signed our largest service contract ever. We also made two relatively small but important acquisitions last year – Inverse Path in Italy and Digital Assurance in the UK – to boost our presence in key markets and important industry verticals. Cyber security services are adjacent to our product sales.

Our consumer security business remained stable. The consumer business is crucial for F-Secure, as it is fueling our investments in corporate security, where we see the most growth potential. That said, the consumer business itself is also evolving. Last year, we saw increasing cross sales, as consumers are often buying not just endpoint security but also privacy and VPN products. Also, despite continued competition from freemium products and the fact that operating system providers are increasing their built-in capabilities in security, our renewal rates have never been higher. Completely new markets are also emerging. In the summer of 2017, we launched F-Secure SENSE, our new innovative solution for securing all connected devices at home.

F-Secure’s competitiveness is built on strong values

While our business continues to evolve, our core DNA remains the same. F-Secure has a unique combination of advanced technology and fantastic people. From the very beginning, this has been a company built on strong values. Our employees are proud to be able to fight against the world’s most advanced cyber criminals.

Our ambition of doing good and helping our customers is what drives us forward. We are a growth company, but with an ambition to grow even faster. To support this, we will continue to invest in the growth of the corporate business, both in the development of cyber security products and services as well as in sales and marketing of these solutions.

F-Secure’s extensive experience, knowledge and insight in cyber security, combined with our global intelligence network, smart software and cutting edge artificial intelligence makes us the perfect trusted cyber security partner for companies of all sizes as well as individuals. Together with our employees, partners and customers, I’m certain we will continue to fight for cyber security for 30 years more!

Samu Konttinen


In 2017, F-Secure continued its transformation from an endpoint protection company into a provider of a broad offering of cyber security products and services. The company continued to prioritize growth over short term profitability. Building on significant investments in sales, marketing and product development and strong demand especially in the corporate security market, significant progress was made with both products and services.

BOARD OF DIRECTORS’ REPORT 2017

CYBER SECURITY NEVER STOPS.

In corporate security, F-Secure saw companies striving to improve their cyber resilience, and the expanded portfolio continued to create new business opportunities. Growth was driven by cyber security services and new products for detection and response, as well as vulnerability management. The company’s traditional core business – endpoint protection – was also in above-market growth. To support further growth, F-Secure continued to develop the corporate reseller channel to better target larger corporate customers and increase cross-selling and upselling.

In consumer security, direct sales to consumers were in strong growth driven by high renewal rates and increased cross-selling. Revenue through operators remained almost at previous year’s level, confirming the company’s view of the overall stability of the consumer business.

Financially, F-Secure’s year was solid, with strong cash flow and healthy profitability.

Financial performance and key figures

In January–December, total revenue grew by 7% year-on-year to EUR 169.7 million (158.3m), driven by corporate security.

Corporate security

Revenue from corporate security increased by 16% year-on-year to EUR 72.6 million (62.5m), and represented 43% (39%) of F-Secure’s total revenue. The growth throughout the year stemmed both from increasing product sales through the reseller channel, and from very strong performance in cyber security services. The revenue increase reflected significant investments in product development as well as recruiting in the sales organization during the past two years.

Consumer security

Revenue from consumer security increased 1% year-on-year to 97.1 million (95.8m), and represented 57% (61%) of F-Secure’s total revenue. The direct consumer sales continued to show good growth, while revenue from the operator channel slightly decreased.

Deferred revenue

Deferred revenue increased by 13% (year-on-year) to EUR 61.1 million (54.3m), driven by the increased sales of corporate security products and services with multi-year contracts.

Costs

Fixed costs increased by 12% (year-on-year) to 153.8 million (137.6m). Key drivers behind the increase were recruitments in corporate security and the impact of share-based incentive programs. R&D costs and sales and marketing expenses related to corporate business increased significantly.

Profitability

EBIT was EUR 11.1 million and 7% of revenue (19.2m, 12%). Investments in corporate business related R&D and sales and marketing were the main factors behind the lower EBIT compared to previous year.

Cash flow

Cash flow from operations was EUR 26.0 million (21.9m). Cash flow was impacted by extraordinary tax payments both in 2017 and in the comparison year 2016. In 2016, the cash flow was negatively impacted by a residual tax payment of EUR 6.1 million resulting from the divestment of F-Secure’s personal cloud storage business to Synchronoss in 2015 and the repayment of EUR 4.0 million in foreign tax credits on withholding taxes from 2009–2011 based on debit decisions by the Finnish tax authority. Cash flow was positively impacted by the release of the EUR 4.5 million escrow account relating to the above mentioned divestment. In 2017, the company received a payment of EUR 3.1 million related to aforementioned foreign tax credits on withholding taxes from 2009–2011 based on debit decisions by the Finnish tax authority following F-Secure’s appeal.

Taxes

In June, the Finnish Tax Administration’s Board of Adjustment approved F-Secure’s appeal related to withholding taxes. As a result EUR 3.1 million consisting of taxes, interests and late penalty payments was returned to the company, and the payment was recorded in financial items and income taxes in the second quarter. The payment relates to the decision of Finnish Tax Authority in 2015 to adjust taxation for tax years 2009–2011 based on a partial tax audit. F-Secure appealed the decision and the Finnish Tax Administration’s Board of Adjustment approved the appeal. The approval does not have an impact on future taxation of the company. More information regarding the tax audit is available in the 2016 financial statements, disclosure 10, Income taxes.

Financing and Capital Structure

On 31 December 2017, the combined market value of cash and cash equivalents and short term investments in interest rate funds classified as available-for-sale assets was EUR 90.2 million (31 December 2016: 92.7m).

Cash and available-for-sale financial assets were impacted by paid dividends, amounting in total to EUR 18.8 million. In addition to a regular dividend of EUR 0.06 per share, an extra dividend of EUR 0.06 per share was paid following the sale of the personal cloud storage business to Synchronoss Technologies Inc for USD 60 million in February 2015.

In January–December the Company’s capital expenditure amounted to EUR 9.3 million (6.9m). The capitalized development expenses were EUR 3.9 million (3.2m).

F-Secure’s financial position remained solid. The Company’s equity ratio on 31 December 2017 was 61% (67%) and its gearing ratio was 130% negative (122% negative).

F-Secure business in 2017

Corporate security

F-Secure provides a broad range of cyber security products and managed services through a large network of resellers and service partners. Products include both cloud-based (Protection Service for Business) and on premise (Business Suite) endpoint protection solutions, solutions for detecting and responding to advanced attacks (Rapid Detection Service, or RDS), vulnerability management (F-Secure Radar) and cloud protection (F-Secure Cloud Protection for Salesforce). The majority of corporate security revenue comes from the sale of endpoint protection solutions through resellers.

Revenue from endpoint security continued to grow at above-market pace during the full year, but country-specific performance was mixed especially in the second half of the year. New customer acquisition showed strong growth, and renewals and upsells also increased, despite some contract seasonality and performance issues in certain countries impacting the second half.

During the year, F-Secure continued to expand sales of new corporate products, especially in detection and response (RDS), and vulnerability management (F-Secure Radar) markets. While both solutions are still at an early stage of their life-cycle, revenue from RDS and F-Secure Radar showed strong growth during the year, and business expanded significantly regionally, with first deals signed already in 20 countries. To accelerate the growth, F-Secure continues to seek new reseller partners capable of pushing the full corporate security portfolio. With Cloud Protection for Salesforce, F-Secure continued close cooperation with Salesforce to expand sales of the new solution.

In November, F-Secure announced at Capital Markets Day that the company plans to launch a new fully automated endpoint detection and response (EDR) solution in 2018. The new solution will build on capabilities already utilized in F-Secure Rapid Detection Service (managed detection and response, MDR). This new solution will be tightly integrated with the company’s endpoint protection solutions, and it will allow F-Secure to combine two important product categories. EDR will be a pure software product, and whereas RDS is a managed service aimed for larger companies, EDR will allow F-Secure to scale sales to a broader base of corporate customers while making detection capabilities more affordable also for small businesses and mid-market customers. Thus it will also support the growth of endpoint protection business.

Regionally most of the absolute product sales growth came from focus markets in Europe, with a fourth of the growth coming from North America and Asia-Pacific. In Asia, absolute sales grew fastest in India and Malaysia. In Europe, growth was strongest in Finland, Denmark, France, Germany, Austria and the Benelux countries.

F-Secure’s cyber security consultancy had a very strong year. Several large deals were signed, including one particularly large deal in the fourth quarter. Overall, F-Secure continued to see strong demand in the market, and the company recruited more consultants and sales personnel to meet the rising demand. The majority of cyber security services order intake came from Denmark, Finland and UK, and the share of order intake coming from other regions within Europe continued to increase.

Consumer security

The majority of F-Secure’s consumer security revenue comes from the sale of endpoint protection products (mainly F-Secure Safe) through the operator channel, with F-Secure Freedome (VPN, privacy and security) and F-Secure Key (password manager) increasingly being part of the offering. In June 2017, the company started the first deliveries of F-Secure Sense, an innovative security solution for protecting connected home devices. In addition to operator sales, F-Secure sells consumer products through various online and retail partners, as well as the company’s own web shop. F-Secure is increasingly offering consumer products as combined bundles, such as F-Secure Total (F-Secure Safe & F-Secure Freedome).

Revenue from the operator channel slightly decreased from the previous year’s level during the full year, as the loss of a single operator customer in Latin America caused the quarterly revenue to decline in the fourth quarter. This impact is expected to continue in the first half of 2018. Excluding Latin America, operator revenue increased slightly also in the fourth quarter, highlighting F-Secure’s overall steady progress in increasing product activation rates together with our broad network of partners globally. Regionally, the majority of absolute growth came from the Nordics, Germany, the UK and the US.

In direct consumer sales, F-Secure continued to outpace the market, with solid double-digit order intake growth both in online and retail channels. Growth continued to be driven by the strong renewal rates and increased cross selling of the broad consumer portfolio. Consumers are increasingly buying both endpoint protection and privacy solutions, and upgrading their F-Secure SAFE or F-Secure FREEDOME subscriptions to F-Secure TOTAL – a commercial bundle of the two products. Additionally, order intake for F-Secure FREEDOME as a standalone product continued to show strong growth during the year, especially with new sales and renewals through app stores. Increased cross-selling and upselling helped the company generate higher annual average revenue per user.

The impact of F-Secure SENSE (an innovative security solution for connected home devices) on revenue was limited as expected. While the connected home market is at a very early stage, the company continues to see growing interest in the product among customers, operator partners and retailers, including the possibility of embedding Sense as software to customers’ on premise equipment such as routers or digital home hub solutions. During the year F-Secure signed deals with several operators to distribute SENSE, and in December BestBuy started selling SENSE in the US, as did also Power (retail chain) in the Nordics.

Acquisitions and disposals

On 15 February 2017, F-Secure acquired 100% of the shares of Inverse Path S.r.l., a small privately held company based in Italy providing security services to the avionics, automotive, and industrial control sectors.

On 10 May 2017, F-Secure acquired 100% of the shares of Digital Assurance Consulting Limited, a privately held UK based security consultancy firm offering information security assessment services to governments and companies in financial, petrochemical, retail, communication, and defense industries.

Research and development

F-Secure’s research and development activities in 2017 continued to focus on the development of new products and product amendments both for businesses and consumers. Key projects included RDS, EDR, F-Secure Sense, and improvements to several existing products. As an example, new types of sensors, such as a network sensor, were added to RDS. Work was done on new protection features and overall customer experience improvements.

On a more general level, F-Secure is working on simplifying and streamlining its product and service architecture as well as continuing its transition towards the use of cloud services. Multiple services were moved to the cloud. With all these activities the Company aims to improve product scalability, security, stability as well as speed of development and reduce time spent on maintenance. F-Secure also strives to become a truly data-driven company and invests in processing more data than before and increasingly using artificial intelligence for analysis. During 2017, F-Secure in particular increased focus on using machine learning for anomaly detection.

In 2017 F-Secure’s research and development expenditure amounted to EUR 34.5 million, representing 20% of revenue (EUR 28.4m, 18%). The capitalized development expenses amounted to EUR 3.9 million (EUR 3.2 million).


Product and service announcements

New products launched in 2017

– F-Secure launched F-Secure Cloud Protection for Salesforce, a first-in-the-market concept for cloud security. The product offers an additional layer of security for Salesforce customers by automatically analyzing any files or links uploaded by users and then blocking malicious content.

– F-Secure launched F-Secure SENSE for the connected home and IoT protection. It is the first hardware product in F-Secure’s consumer portfolio. F-Secure SENSE is a combination of a smart security router, an advanced security app and industry-leading cloud protection. SENSE protects every internet connected thing in homes.

Other significant product announcements

– In November, F-Secure announced its plans to launch a new Endpoint Detection and Response (EDR) product in 2018. More information is available in the F-Secure Business in 2017 section.

Updates for corporate products

– Protection Service for Business (PSB, cloud-based endpoint protection platform) was updated with several new capabilities. These included DataGuard (an additional layer of protection against threats like ransomware), XFENCE (for the Mac OS platform preventing ransomware and other malware), and a new Password Protection feature to make the use of strong and unique passwords easy for organizations.

– Business Suite (on-premise endpoint protection platform) was updated with new capabilities to support scalability to larger organizations, including an advanced proxy functionality to reduce network bandwidth usage, and with new security capabilities like the DataGuard feature.

– Rapid Detection Service (RDS, managed detection and response service) was updated with new capabilities, including a new customer portal for efficient communication between customers and the experts of the Rapid Detection Center (our 24/7 monitoring center), and improved machine learning and artificial intelligence capabilities.

– F-Secure Radar (our vulnerability management solution) was updated with a web topology mapping feature that helps customers to discover their full attack surface, and with a new user interface bringing ease-of-use and improved productivity.

Updates for consumer security products

– F-Secure SAFE (multi-device security solution) was updated with new capabilities for protecting children online. The new remotely managed Family Rules enable parents to set boundaries for screen time, internet use, and on Android also for apps. New functionalities were also added for the operator partners, including lifecycle messaging, cross-sell and integration models. These make it easier for partners to offer F-Secure’s entire portfolio to consumers while improving channel efficiency and customer experience.

– F-Secure KEY (password manager) was updated with a set of new tools for better password management. By improving the awareness of password quality, KEY helps users to improve their password practices.

– F-Secure FREEDOME (online privacy and security solution) introduced a VPN Software Development Kit (SDK) that enables operators and partners to integrate security and privacy into their own apps. Additionally, new features were introduced to support operator sales, including the capability to deploy operator on-site VPN gateways and smoother product deployment and installation experience.

– F-Secure TOTAL (offering consisting of SAFE and FREEDOME) was updated to improve usability and deepen the technical integration of the two embedded products.

Significant awards

– In February 2017, F-Secure received AV-TEST’s 2016 Best Protection Award, winning it for the fifth time as the first company in the test’s history.

– In February, many media outlets around the world published news articles about a research study made by Australia’s Commonwealth Scientific and Industrial Research Organization, the University of New South Wales, and the University of California at Berkeley. In the study, F-Secure FREEDOME was one of the few (out of 283 VPN Android apps) praised for keeping its marketing promises as a secure VPN.

– In March, F-Secure TOTAL won the Best Innovation 2017 award from Digital Citizen. The award was granted for combining an internet security product with a full VPN product.

After period-end, in January 2018, F-Secure was recognized as a ‘Visionary’ in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms report.

Shares, Shareholders’ Equity, Own Shares

The total number of company shares is currently 158,798,739. The company’s registered shareholders’ equity is EUR 1,551,311.18. The company currently holds 2,085,029 of its own shares.

The company holds its own shares to be used in the incentive compensation plans, for making acquisitions or implementing other arrangements related to the company’s business, to improve the company’s financial structure, or to be otherwise assigned or cancelled.

The company currently has share-based incentive programs for key employees: performance-based long-term share-based programs and a restricted program (Stock exchange release, 16 February 2017).

In accordance with the decision by the Annual General Meeting, 40% of the fees paid to the Members of the Board of Directors in 2017 were paid in F-Secure shares. In total, 23,888 F-Secure shares were assigned to the Members of the Board. The shares were purchased from the market.

Risks and uncertainties

The objective of F-Secure’s risk management is to ensure a current, correct and holistic understanding and prioritized management of key uncertainties related to strategy implementation and business operations. The process and risk management methods in use are constantly developed to respond to the changing needs of the company.

F-Secure uses three categories to group the risks: strategic, business and operational risks. The most significant risks for F-Secure are related to the following factors.

Most significant risks

– Endpoint protection market disruption

– Market consolidation, and failure to successfully complete acquisitions or divestments

– Failure to innovate and develop new technologies

– Failure to attract and retain talent

Other risks that affect the F-Secure business include but are not limited to:

– Intellectual property (IPR) claims against F-Secure

– Risk exposure from contractual liability requirements

– Failure of new product launches

– Potential security threats related to F-Secure’s products and services

– Credit risk due to regional political or financial climate and regulation

– Tax risk relating to changing laws and regulations and interpretations of said regulations by the relevant authorities

Organization and leadership

Personnel

At the end of December, F-Secure had 1,104 employees, which shows a net increase of 8% from the previous year (1,026 on 31 December in 2016). F-Secure continues to actively recruit security professionals, cyber security consultants and sales personnel especially in corporate security.

Leadership team

To accelerate strategy execution, F-Secure has made organizational changes as of Monday 5 February 2018. Corporate security has been moved from two business units into a functional organization that elevates the key areas to the Leadership Team and removes organization layers. Consumer cyber security will continue as a business unit of its own.

After the changes, the composition of the Leadership Team is the following:

Samu Konttinen (CEO, and acting Strategy & Corporate Development), Mari Heusala (HR & Office Services), Kristian Järnefelt (Consumer Cyber Security), Juha Kivikoski (Enterprise & Channel Sales as of 1 March 2018), Jyrki Rosenberg (Marketing & Communications), Jari Still (Information & Business Services), Mika Ståhlberg (Security Research & Technologies), Eriikka Söderström (CFO), and Jyrki Tulokas (Cyber Security Products & Services).

Juha Kivikoski is an industry veteran having previously served as Managing Director at Dustin Finland, Vice President Sales at McAfee/Intel Security and COO at Stonesoft. He has also held several senior leadership positions at large technology companies including Siemens and Cisco Systems.

Corporate Governance

F-Secure’s corporate governance practices comply with Finnish laws and regulations, F-Secure’s Articles of Association, the rules of Nasdaq Helsinki Oy and the Finnish Corporate Governance Code 2015 issued by the Securities Market Association of Finland. The code is publicly available at http://cgfinland.fi/en/. F-Secure’s Corporate Governance Statement for 2016 as well as up-to-date information about the Company’s governance are available on the Company website. The Corporate Governance Statement for 2017 will be published at the latest on 14 March 2018.

The Annual General Meeting

The Annual General Meeting of F-Secure Corporation was held on 5 April 2017. The Meeting confirmed the financial statements for the financial year 2016. The members of the Board and the President and CEO were granted discharge from liability. In addition, the Annual General Meeting made the following decisions:

The Annual General Meeting decided to distribute a dividend of EUR 0.06 per share and an extra dividend of EUR 0.06 per share, which was paid to those shareholders that on the record date of 7 April 2017 were registered in the Register of Shareholders held by Euroclear Finland Ltd. The dividend was paid on 20 April 2017.

It was decided that the annual compensation of Board members remains at the previous year’s level: for the Chairman EUR 55,000, Chairmen of the Personal and Audit Committees EUR 40,000, members EUR 30,000 and a member employed by F-Secure Corporation EUR 10,000. Approximately 40% of the annual remuneration will be paid as company shares.

It was decided that the number of Board members is seven (7). The following current members were re-elected: Pertti Ervi, Matti Heikkonen, Bruce Oreck and Risto Siilasmaa. Sofie Nystrøm, Päivi Rekonen and Ari Inki were elected as new members of the Board. The Board elected in its organizational meeting Siilasmaa as the Chairman of the Board. The Board nominated Siilasmaa as the Chairman of the Personal Committee and Bruce Oreck and Matti Heikkonen as members of the Personal Committee. Pertti Ervi was nominated as the Chairman of the Audit Committee and Sofie Nystrøm, Päivi Rekonen and Ari Inki were nominated as members of the Audit Committee.


It was decided that the Auditor’s fee will be paid against approved invoice. PricewaterhouseCoopers Oy was elected the parent company’s auditor. APA, Mr. Janne Rajalahti acts as the responsible partner.

It was decided that the Board of Directors may pass a resolution to repurchase a maximum of 10,000,000 own shares of the company in one or multiple tranches with the company’s unrestricted equity. The authorization entitles the Board of Directors to decide on the repurchase also in deviation from the proportional holdings of the shareholders (directed repurchase). The authorization covers the repurchase of shares either in trading at the regulated market organized by Nasdaq Helsinki Ltd in accordance with its rules and guidelines, in which case the shares must be purchased at the prevailing market price at the time of repurchase, or through a public tender offer to the shareholders, in which case the price offered must be the same for all shareholders. The repurchased shares will be used for making acquisitions or implementing other arrangements related to the company’s business, for improving the company’s financial structure, for use as part of the company’s incentive scheme or otherwise for further assigning or cancelling the shares. The authorization includes the right for the Board of Directors to decide upon all other terms and conditions related to the repurchase of the company’s own shares. The authorization is valid until next Annual General meeting however not longer than until 30 June 2018 and the previous authorization granted to the Board of Directors by the 2016 Annual General Meeting regarding the repurchase of the company’s own shares expired upon the new authorization.

The Annual General Meeting authorized the Board of Directors to decide on the issuance of a maximum of 31,000,000 shares, representing 19.5 per cent of the company’s shares entered in the Trade Register, or the issuance of special rights entitling to shares referred to in Chapter 10, Section 1 of the Finnish Limited Liability Companies Act in one or multiple tranches. The authorization concerns both the issuance of new shares as well as the transfer of treasury shares. The authorization includes the right for the Board of Directors to decide upon all terms and conditions related to the issuance of shares and special rights. The issuance of shares may be carried out in deviation from the shareholders’ pre-emptive rights (directed issue). The authorization can be used for implementing potential acquisitions, other arrangements or equity-based incentive plans or for other purposes decided by the Board of Directors. The Board of Directors also has the right to decide on the sale of company shares at the regulated market in accordance with Nasdaq Helsinki Ltd’s rules and regulations. The authorization is valid until the next Annual General Meeting, however not longer than until 30 June 2018, and the previous authorization granted to the Board of Directors by the 2016 Annual General Meeting regarding the issuance of shares and transfer of own shares expired upon the new authorization.

Market overview

The growing number and variety of connected devices as well as digital services continues to create security challenges for both businesses and individuals. Combined with the increasing complexity of IT systems, these trends are driving demand for security services. While advanced cyber-attacks are becoming more common and persistent, criminals are targeting companies of all sizes along with consumers by taking advantage of vulnerabilities in popular software, traditional and new connected devices as well as online services. Apart from pure criminal activity, governments and hacktivists use vulnerabilities and malware e.g. for espionage and surveillance.

Attacks against corporations often go undetected for months, which fuels demand for products and services for incident detection and response, supplementing the endpoint security market. Furthermore, as organizations are increasingly adopting cloud services, they seek managed security services and cloud-based delivery to help them maintain control of their security. In the long run, this trend is expected to shift investment away from on-premise security products, while new opportunities are emerging in securing the cloud platforms.

Larger organizations also remain interested in securing their mobile device fleets.

The consumer security software market continues to be impacted by the changing device landscape, as well as the increasing significance of app stores and online sales overall. While the sales of traditional PCs have declined slightly, the number of connected smart home devices is growing very rapidly. This creates opportunities for innovative new security products. There are also opportunities to capture market share from the competition with traditional security products.

The information security market overall was estimated to be worth USD 89.1 billion in 2017, and the market is expected to grow by 7.9% annually in 2016–2021*. The endpoint protection platforms (enterprise) market was worth USD 3.6 billion in 2017, and is expected to grow by 2.6% annually in 2016–2021*. The consumer security software market was worth USD 4.6 billion in 2017, and is expected to grow by 1.6% annually in 2016–2021*. The IT outsourcing market, including managed security services, was worth USD 16.7 billion in 2017, and is estimated to grow by 11.4% annually in 2016–2021*.

Source: * Gartner, Forecast: Information Security, Worldwide, 2015–2021, 3Q17 Update, Ruggero Contu, Christian Canales, Sid Deshpande, Lawrence Pingree, 8 November 2017. Market size and growth rates in current dollars.

The Gartner Report(s) described herein, (the “Gartner Report(s)”) represent(s) research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc. (“Gartner”), and are not representations of fact. Each Gartner Report speaks as of its original publication date (and not as of the date of this Financial Report) and the opinions expressed in the Gartner Report(s) are subject to change without notice.

Strategy 2018–2021

F-Secure has updated the strategy as communicated at the Capital Markets Day on 22 November 2017:

The world is becoming digitalized and connected. Due to this, cyber-attacks and cyber-crime continue to be among the most critical challenges the world is facing. While the complexity and magnitude of problems increases, expertise is concentrating into a limited number of specialized security companies.

For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. We are transforming from an endpoint protection company to a cyber security leader with a broader set of products and services.

F-Secure’s competitiveness is based on extensive experience in cyber security, and a unique combination of man and machine. Our extensive experience, knowledge and insight in cyber security, combined with our global intelligence network, smart software and cutting edge artificial intelligence, make us the perfect trusted cyber security partner for companies of all sizes as well as individuals. We are the proud security advisor to many of the world’s largest and most demanding organizations, e.g. in the banking, automotive and airline industries as well as the military and law enforcement sector. Our expertise is continuously developed, as we take on the toughest of assignments.

As F-Secure seeks to accelerate growth, we continue to focus growth investments in corporate security. We provide best-in-class services and solutions to the mid-market, especially for customers seeking to buy prevention, detection and response as a service. We foresee the market moving towards managed endpoint security, and see especially strong growth in detection and response services. As we expand our product and service offering, we are also making it more integrated in order to offer efficient and comprehensive turn-key solutions to our customers and partners.

F-Secure’s corporate security products and services are sold through the channel. Our growing network of thousands of partners is key to our strategic expansion. F-Secure’s products are designed to be delivered from the cloud, and to support partners as they develop managed service provider business models. Ease of use for both end-customers and partners is a critical aspect of all product design.

F-Secure also provides a comprehensive set of digital safety solutions to consumers, protecting their information, identities, devices, smart homes and families. F-Secure is the world’s leading provider of consumer security solutions through telecommunications operators. Together, we protect tens of millions of consumers and their digital lives. In consumer security, F-Secure continues with its existing sales channels aiming at profitable growth.

Outlook for 2018

F-Secure continues to invest in the growth of the corporate business, both the development of cyber security products and services as well as sales and marketing of these solutions. The company’s outlook for 2018:

– Revenue from corporate security is expected to grow by over 15% compared to 2017

– Revenue from consumer security is expected to stay at the same level as in 2017

– EBIT is expected to be in the range of 8–12M€

Outlook for strategy period 2018–2021

The demand for corporate cyber security products and services is expected to grow strongly. F-Secure aims to grow faster than the market, with revenue from corporate security expected to grow above 15% annually during our strategy period 2018–2021.

Driven by the anticipated revenue growth and scalable business model, the company’s profitability is expected to improve significantly in the long-term. The board and the management continuously seek to balance growth investments and profitability to optimize long-term value creation for the shareholders.

Proposal for dividend distribution

The Board of Directors is proposing to the Annual General Meeting, to be held on 4 April 2018, that a dividend of EUR 0.04 per share be paid based on the adopted balance sheet for the financial year 2017. The suggested dividend record date is 6 April 2018 and the suggested payment date 18 April 2018.

The dividend per earnings is approximately 57% of the parent company’s result. On 31 December 2017, the parent company’s distributable equity amounted to a total of EUR 49.6 million. Events after period-end do not weaken the Company’s financial position nor does the proposed dividend pose any risk to the company’s financial standing.

Events after period-end

No material changes regarding the Company’s business or financial position have occurred after the end of the year.

Helsinki, 8 February 2018

F-Secure Corporation
Board of Directors

Risto Siilasmaa, Pertti Ervi, Matti Heikkonen, Ari Inki, Sofie Nystrøm, Bruce Oreck, Päivi Rekonen

President and CEO
Samu Konttinen


Economic indicators IFRS 2017 IFRS 2016 IFRS 2015 IFRS 2014 IFRS 2013

Net sales (MEUR) * 169.7 158.3 147.6 137.4 155.1

Net sales growth % 7% 7% 7% –11% –1%

Operating result (MEUR) * 11.1 19.2 20.0 22.3 27.1

% of net sales 6.5% 12.1% 13.6% 16.2% 17.5%

Result before taxes * 11.9 20.8 20.7 23.4 26.3

% of net sales 7.0% 13.1% 14.0% 17.0% 17.0%

ROE (%) 14.8% 19.9% 28.1% 20.7% 24.9%

ROI (%) 19.7% 28.6% 52.1% 26.7% 40.9%

Equity ratio (%) 61.3% 66.7% 64.1% 74.9% 74.3%

Investments (MEUR) 9.3 6.9 14.6 5.8 3.7

% of net sales 5.5% 4.4% 9.9% 4.2% 2.4%

R&D costs (MEUR) * 34.5 28.4 26.9 30.1 41.7

% of net sales 20.4% 17.9% 18.2% 21.9% 26.9%

Capitalized development (MEUR) 3.9 3.2 2.3 2.3 0.3

Gearing % –129.9% –122.1% –122.4% –76.6% –65.6%

Wages and salaries (MEUR) 70.8 61.8 56.8 57.4 54.1

Personnel on average 1,067 981 894 937 949

Personnel on Dec 31 1,104 1,026 926 921 939

* For 2016, 2015, and 2014, only continuing operations.

Key ratios IFRS 2017 IFRS 2016 IFRS 2015 IFRS 2014 IFRS 2013

Earnings / share (EUR) 0.07 0.10 0.14 0.10 0.11

Earnings / share (EUR) continuing operations 0.07 0.10 0.08 0.12

Earnings / share diluted 0.07 0.10 0.14 0.10 0.11

Earnings / share diluted continuing operations 0.07 0.10 0.08 0.12

Shareholders' equity per share 0.44 0.49 0.49 0.50 0.46

Dividend per share *) 0.04 0.12 0.12 0.16 0.06

Dividend per earnings (%) 57.1% 122.8% 85.7% 160.0% 54.5%

Effective dividends (%) 1.0% 3.4% 4.7% 7.1% 3.2%

P/E ratio 56.6 35.6 18.2 22.2 17.6

Share price, lowest (EUR) 3.17 2.19 2.08 1.78 1.55

Share price, highest (EUR) 4.84 3.60 3.84 2.90 2.15

Share price, average (EUR) 3.94 2.87 2.71 2.03 1.81

Share price Dec 31 3.89 3.48 2.58 2.25 1.87

Market capitalization (MEUR) 617.7 552.6 409.7 357.3 297.0

Trading volume (millions) 27.8 35.9 61.2 44.3 31.8

Trading volume (%) 17.5% 22.6% 39.3% 28.4% 20.5%

* Board proposal

Adjusted number of shares IFRS 2017 IFRS 2016 IFRS 2015 IFRS 2014 IFRS 2013

Average during the period* 156,502,983 156,022,774 155,801,466 155,756,751 155,374,231

Average during the period, diluted* 156,502,983 156,022,774 155,801,466 155,756,751 155,382,904

Dec 31 158,798,739 158,798,739 158,798,739 158,798,739 158,798,739

Dec 31, diluted 158,798,739 158,798,739 158,798,739 158,798,739 159,178,330

* For 2016, 2015, and 2014, only continuing operations.

[Figure: Turnover and average share price per month 2017. Series: Turnover EUR (axis in million EUR), Average price.]

KEY FIGURES


CALCULATION OF KEY RATIOS

Equity ratio, % = Total equity / (Total assets – advance payments received) × 100

ROI, % = (Result before taxes + financial expenses) / (Total assets – non-interest bearing liabilities (average)) × 100

ROE, % = Result for the period / Total equity (average) × 100

Gearing, % = (Interest bearing liabilities – cash and bank and AFS financial assets) / Total equity × 100

Earnings per share, euro = Profit attributable to equity holders of the company / Weighted average number of outstanding shares

Shareholders’ equity per share, EUR = Equity attributable to equity holders of the company / Number of outstanding shares at the end of period

P/E ratio = (Closing price of the share, end of period) / Earnings per share

Dividend per earnings, % = Dividend per share / Earnings per share × 100

Effective dividends, % = Dividend per share / (Closing price of the share, end of period) × 100


FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF COMPREHENSIVE INCOME JAN 1–DEC 31, 2017

EUR 1,000 Note Consolidated, IFRS 2017 Consolidated, IFRS 2016

NET SALES (1) 169,695 158,289

Material and services –6,645 –5,762

GROSS MARGIN 163,051 152,526

Other operating income (4) 1,895 4,309

Sales and marketing (5, 6) –104,969 –95,487

Research and development (5, 6) –34,545 –28,396

Administration (5, 6) –14,321 –13,720

OPERATING RESULT 11,111 19,231

Financial income (8) 3,213 3,269

Financial expenses (8) –2,383 –1,722

PROFIT (LOSS) BEFORE TAXES 11,941 20,778

Income tax (10) –1,181 –5,053

Result for the financial period from the continuing operations 10,760 15,725

Result for the financial period from the discontinued operations –484

RESULT FOR THE FINANCIAL YEAR 10,760 15,241

Other comprehensive income

Other comprehensive income to be reclassified to profit or loss in subsequent periods

Exchange difference on translation of foreign operations –839 –339

Available-for-sale financial assets (9) –117 901

Taxes related to components of other comprehensive income (10) 23 –180

COMPREHENSIVE INCOME FOR THE YEAR 9,827 15,624

Result of the financial year is attributable to:

Equity holders of the parent 10,760 15,241

Comprehensive income for the year is attributable to:

Equity holders of the parent 9,827 15,624

Earnings per share continuing operations – basic and diluted (11) 0.07 0.10

Earnings per share discontinued operations – basic and diluted (11) 0.00


STATEMENT OF FINANCIAL POSITION DEC 31, 2017

EUR 1,000 Note Consolidated, IFRS 2017 Consolidated, IFRS 2016

ASSETS

NON-CURRENT ASSETS

Tangible assets (12) 3,214 3,332

Intangible assets (12) 14,733 13,400

Goodwill (3, 13) 10,070 7,632

Deferred tax assets (14) 3,528 2,734

Other receivables (16) 666 77

Total non-current assets 32,211 27,175

CURRENT ASSETS

Inventories (15) 588 109

Trade and other receivables (16, 22) 50,061 46,182

Income tax receivables (16) 1,435 342

Available-for-sale financial assets (17, 22) 53,924 63,671

Cash and bank accounts (18, 22) 36,300 29,050

Total current assets 142,309 139,354

Discontinued operations 1,534

TOTAL ASSETS 174,520 168,064

EUR 1,000 Note Consolidated, IFRS 2017 Consolidated, IFRS 2016

SHAREHOLDERS’ EQUITY AND LIABILITIES

SHAREHOLDERS' EQUITY (19)

Share capital 1,551 1,551

Share premium 165 165

Treasury shares –4,575 –5,741

Fair value reserve 983 1,077

Translation differences –554 284

Reserve for invested unrestricted equity 5,378 5,211

Retained earnings 66,520 73,365

Equity attributable to equity holders of the parent 69,468 75,912

NON-CURRENT LIABILITIES

Deferred tax liabilities (14) 357 361

Other non-current liabilities (21) 17,502 13,916

Provisions (21) 1,173 158

Total non-current liabilities 19,032 14,436

CURRENT LIABILITIES (21)

Trade and other payables (22) 37,950 32,088

Income tax liabilities 1,945 2,516

Other current liabilities 46,126 40,514

Total current liabilities 86,020 75,117

Discontinued operations 2,599

TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES 174,520 168,064


STATEMENT OF CASH FLOWS JAN 1–DEC 31, 2017

EUR 1,000 Note Consolidated, IFRS 2017 Consolidated, IFRS 2016

Cash flow from operations

Result for the financial year 10,760 15,241

Adjustments

Depreciation and amortization 6,296 5,610

Profit / loss on sale of fixed assets 45 183

Other adjustments 1,938 4,663

Financial income and expenses –830 –1,547

Income taxes 1,181 4,932

Cash flow from operations before change in working capital* 19,389 29,082

Change in net working capital

Current receivables, increase (–), decrease (+) –3,158 1,280

Inventories, increase (–), decrease (+) –457 26

Non-interest bearing debt, increase (+), decrease (–)* 13,885 6,784

Provisions, increase (+), decrease (–) –158 158

Cash flow from operations before financial items and taxes 29,501 37,330

Interest expenses paid –74 –1,010

Interest income received 1,032 93

Other financial income and expenses –376 –731

Income taxes paid –4,046 –13,790

Cash flow from operations 26,036 21,892

EUR 1,000 Note Consolidated, IFRS 2017 Consolidated, IFRS 2016

Cash flow from investments

Investments in intangible and tangible assets –7,106 –6,890

Investments in subsidiary shares, net of cash acquired (3) –2,205

Investments in available-for-sale financial assets (17) –7,742 –9,527

Proceeds from sale of intangible and tangible assets (2) 46 44

Proceeds from available-for-sale financial assets (17) 18,410 11,742

Cash flow from investments 1,402 –4,630

Cash flow from financing activities

Dividends paid –18,751 –18,696

Cash flow from financing activities –18,751 –18,696

Change in cash 8,687 –1,434

Cash and bank at the beginning of the period 29,050 29,919

Effects of exchange rate changes –1,437 565

Cash and bank at period end 36,300 29,050

* Presentation of deferred revenue has been changed and the comparative year has been adjusted accordingly.


STATEMENT OF CHANGES IN EQUITY

Attributable to the equity holders of the parent

EUR 1,000. Columns: Share capital; Share premium fund; Treasury shares; Available-for-sale; Translation diff.; Unrestricted equity reserve; Retained earnings; Total equity

Equity December 31, 2015 1,551 165 –6,966 355 623 5,102 76,224 77,055

Available-for-sale financial assets, net 721 721

Translation difference –339 –339

Result of the financial year 15,241 15,241

Total comprehensive income for the year 0 0 721 –339 0 15,241 15,624

Dividends –18,696 –18,696

Cost of share based payments 1,224 109 596 1,929

Other changes

Equity December 31, 2016 1,551 165 –5,741 1,077 284 5,211 73,365 75,912

Available-for-sale financial assets, net –93 –93

Translation difference –839 –839

Result of the financial year 10,760 10,760

Total comprehensive income for the year 0 0 –93 –839 0 10,760 9,827

Dividends –18,751 –18,751

Cost of share based payments 1,166 167 1,147 2,480

Equity December 31, 2017 1,551 165 –4,575 983 –554 5,378 66,520 69,468

More information in note 19. Shareholders’ equity.

ACCOUNTING PRINCIPLES FOR THE CONSOLIDATED FINANCIAL STATEMENTS

Basic information

F-Secure produces online security and privacy services for consumers and businesses against malware and other threats.

The parent company of the Group is F-Secure Corporation, incorporated in Finland and domiciled in Helsinki. The Company’s registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of the consolidated financial statements can be downloaded from www.f-secure.com or obtained from the parent company’s registered address.

These financial statements were authorized for issue by the Board of Directors on 8 February 2018. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.

ACCOUNTING PRINCIPLES

The consolidated financial statements of F-Secure Corporation of 2017 have been prepared in accordance with International Financial Reporting Standards (IFRS), applying the IAS and IFRS standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2017. The disclosures also comply with the Finnish accounting and corporate legislation.

Management judgment on significant accounting principles and use of estimates and assumptions

The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements and it is possible that actual results may differ from estimates.

Estimates made in connection with the preparation of financial statements are based on management’s best knowledge at the reporting date. Estimates build upon past experience as well as assumptions of the future development of the economic environment of the Group. Possible changes in estimates and assumptions are recognized in the period they occur and in all future periods.

The key assumptions concerning the future of the Group and estimates at the reporting date are related to:

– Revenue recognition: Judgment is applied related to timing of revenue recognition of fixed priced operator agreements as those contracts are typically negotiated separately and different contract terms could have significant impact on revenue recognition. In addition, there is judgement involved in assessing timing of revenue recognition for other contracts especially related to allocation of license agreement revenues between license revenue and maintenance revenue.

– Impairment of assets: At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. In impairment testing, recoverable amount is determined based on value in use calculations. The key variables used in the calculations are profitability, growth rate and the discount rate. The key assumptions used to determine the recoverable amount for goodwill, including sensitivity analysis, are further explained in note 13;

– Deferred tax assets: The Group has assessed how much unused tax losses can be utilized in the future. Further details are disclosed in note 14;

– Development expenditures carried forward: Initial capitalization of cost is based on management’s judgment on technological and economic feasibility. The Group has made assumptions regarding the expected future cash generation of the projects. Further details are disclosed in note 12.

– Recognizing share-based payment transactions: The cost of share-based payment transactions is based on the fair value at the date at which they were granted. The cost of cash-settled transactions is measured by reference to the fair value at the balance sheet date. The assumptions and models used for estimating fair value for share-based payment transactions are disclosed in note 20.

Principles of consolidation

Companies controlled directly or indirectly by F-Secure Corporation are consolidated in the financial statements using the acquisition method. Subsidiaries are consolidated from the date on which the Group obtains control of them. The consolidation stops when the control ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.

All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.

Segment reporting

The Group has one segment, data security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions.

Transactions in foreign currency

The consolidated financial statements of F-Secure Group are presented in euros, which is the parent company’s functional currency. The income statements of foreign Group companies are translated at the average exchange rates for the financial year. The balance sheets are translated using the European Central Bank’s exchange rates prevailing on the balance sheet date. Translation differences are recognized in shareholders’ equity and the change in other comprehensive income.

NOTES TO THE FINANCIAL STATEMENTS

The consolidated statement of cash flows is prepared by combining each subsidiary’s individual cash flow statements and eliminating intra group cash flows. Individual cash flows are translated into Euros using average exchange rates for the financial year.

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. At the balance sheet date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank’s exchange rates prevailing at that date. Exchange rate gains and losses of financial transactions are recognized in financial items in the income statement.

INTANGIBLE ASSETS

Goodwill

Goodwill is formed in a business combination, and it is measured as the amount by which the consideration transferred, the non-controlling interest in the acquiree and the previously held equity interest in the acquiree exceed the fair value of the net assets acquired.

Goodwill is not amortized but is instead tested for impairment yearly and whenever there is an indication that it may be impaired. For this purpose goodwill has been allocated to cash-generating units. Goodwill is recorded at historical cost less accumulated impairment losses.

Research and development costs

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures on new products or product versions with significant new features are recognized as intangible assets when they fulfill the requirements set out in IAS 38. Amortization is recorded on a straight-line basis over the estimated useful life, which is 3–8 years for these assets.

Other intangible assets

Other intangible assets include intangible rights, software licenses and customer relationships, all with a finite useful life. Customer relationships have been acquired in a business combination, and they were originally valued using the Multi-Period Excess Earnings model.

Other intangible assets with finite useful life are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:

Intangible rights 3–8 years

Other intangible assets 5–10 years

Customer relationships 8 years

Tangible assets

Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:

Machinery and equipment 3–8 years

Other tangible assets 5–10 years

Other tangible assets include renovation costs of rented office space.

Gains or losses on disposal of tangible assets are shown in other operating income or expense.

Government grants

Government grants are recognized as income over those periods in which the corresponding expenses arise. These grants are recognized as other operating income in the income statement.

Inventories

Inventories are valued at the lower of cost and net realizable value. Cost is determined by the first-in, first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Group has only operating leases.

Impairment of assets

At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount is estimated annually for the following assets regardless of whether there is any indication of impairment: goodwill, intangible assets with an indefinite useful life and intangible assets under construction.

Where the carrying amount of an asset exceeds its recoverable amount the asset is considered impaired and written down to its recoverable amount. The recoverable amount is the fair value of an asset less costs to sell or its value in use, whichever is higher. An impairment loss is recorded in the income statement.

A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset’s recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.

Pensions

All of F-Secure Group’s pension arrangements are in accordance with local statutory requirements, and they are defined contribution plans. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate. The Group recognizes the disability commitment of the Finnish TyEL pension plan when the disability appears.

Share-based payment transactions

In F-Secure’s industry it is common practice that incentives are provided to employees in the form of equity-settled share-based instruments. The Company has two kinds of incentive programs: a synthetic warrant-based program and a share-based program.

F-Secure’s synthetic warrant-based programs cover the Group’s key personnel. The synthetic warrant-based program is settled as cash-settled payments. The liability is valued at fair value at grant date and the expense is recognized evenly in the income statement over the vesting period. The Group revalues the liability to fair value at each reporting date. The fair value is determined by using the binomial model. The cumulative expense recognized at grant date is based on the Group’s estimate of the number of warrants that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the warrant is forfeited. The Group updates its estimate of the ultimate number of warrants at each reporting date. Changes in the estimate are recorded in the income statement.

F-Secure’s share-based incentive program is targeted to the Group’s key personnel. The program is divided into an equity-settled and a cash-settled part. The equity-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings. Fair value is determined using the market value of the share of F-Secure Corporation. The cash-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in liabilities. The cash-settled part is revalued to fair value at each reporting date. The cumulative expense recognized at grant date is based on the Group’s estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.

Provisions

Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made.

Income taxes

Current income taxes are calculated on the taxable income in all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable profit will be available.

Revenue recognition

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, Business Suite), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection Service, RDS) and vulnerability management (F-Secure Radar), which may be sold either as cyber security products or as managed services. Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure Freedome, and F-Secure KEY.

Cyber security product sales include license sales. In the corporate and direct consumer businesses, license agreements consist of initial license agreements and periodic maintenance agreements covering product updates and customer support. License fee revenue included in those agreements is recognized when the product is initially delivered, whereas the license agreements’ maintenance revenue is recognized over the maintenance period. In the operator business, most of the license sales are usage-based and booked based on usage reports, but there are also fixed price operator agreements. The terms of these agreements vary significantly and their revenue recognition is therefore defined case-by-case.

Service revenue, including cyber security consulting and managed services, is recognized at the time of delivery of the service.

Revenue and costs of fixed-price consulting projects are recognized as revenue and expenditure on the basis of the percentage of completion when the outcome of the project can be reliably estimated. The percentage of completion of the project is specified as the proportion of costs incurred compared to total estimated contract costs. When it is likely that the total costs required for completing the project exceed the total revenue from the transaction, the expected loss is recognized as an expense immediately.

Other operating income

Other operating income includes e.g. gain on sale of fixed assets, rental revenue, and government grants received for research and development projects.

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Operating result

The IAS 1 Presentation of Financial Statements standard does not define the concept of operating result. The Group has defined it as follows: operating result is the net amount, which consists of the net sales and other operating income less cost of purchase which is adjusted for changes in inventories, employee benefit costs, depreciation and amortization, possible impairment losses, and other operating expenses.

Treasury shares

The parent company acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Financial assets

According to IAS 39 standard, financial assets have been classified into financial assets at fair value through profit or loss, held-to-maturity, loans and receivables, and available-for-sale financial assets. The classification is made at original acquisition based on the purpose for which the assets were acquired. The cost of purchase includes transaction costs for other than assets at fair value through profit or loss. Purchases and sales of financial assets are recognized on the trade date. F-Secure currently has loans and receivables, available-for-sale financial assets, and financial assets at fair value through profit or loss (derivatives).

Loans and receivables originated by the enterprise are measured at amortized cost. Trade receivables are carried at the original invoice amount to customers less an estimate made for doubtful receivables. The Group records an impairment when there is objective evidence that the trade receivables will not be recovered in full. Evidence of impairment includes debtor’s significant financial difficulty, probability of bankruptcy, non-payments, and delay of payment for more than 90 days. Outstanding receivables are reviewed periodically and bad debts are written off when identified.

Available-for-sale financial assets consist mainly of interest-bearing debt securities and shares in mutual funds invested in similar instruments. For assets that are actively traded in organized financial markets, fair value is determined by reference to Stock Exchange quoted market prices. Assets, the fair value of which cannot be measured reliably, are recognized at cost less impairment. The fair value changes of available-for-sale financial assets are recognized in shareholders’ equity under fair value reserve. When financial assets recognized as available-for-sale are sold or impaired, the accumulated fair value changes are released from equity and recognized in the income statement.

Cash and cash equivalents in the Consolidated Statement of Financial Position comprise cash at bank and in hand and other highly liquid short-term investments.

Financial liabilities

According to IAS 39 standard, financial liabilities are classified into financial liabilities at fair value through profit or loss, and loans and liabilities. Financial liabilities are initially recognized at fair value. The Group’s financial liabilities consist of short-term trade payables and derivatives.

Derivative financial instruments and hedging

The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.

Discontinued operations

The result of discontinued operations is presented as a separate item in the consolidated statement of comprehensive income. Assets and liabilities of discontinued operations are presented separately from other items in balance sheet. Further details are disclosed in note 2.

THE NEW AND AMENDED STANDARDS ADOPTED BY THE GROUP

The Group has not applied new IFRS standards or interpretations during 2017.

New standards and interpretations not yet adopted

The Group has not yet adopted the following new and amended standards and interpretations already issued by the IASB:

– IFRS 15 Revenue from Customer Contracts requires that revenue is recognized when an entity satisfies performance obligations towards its customers. It has been concluded that the revenue from customer contracts shall mainly be recognized over time, as the nature of the performance obligation is such that F-Secure satisfies it throughout customer contract duration. The analysis has concluded that cyber security software and services are, by and large, considered as one performance obligation that is satisfied over time. The implementation of the new standard impacts mostly B2B and consumer e-commerce contracts of which a portion of the revenue was recognized upfront. Operator Contracts are not impacted.

F-Secure will adopt the IFRS 15 revenue recognition standard as of 1 January 2018. The Group will be using the full retrospective method and the IFRS 15 restated figures for 2017 will be published in Q1 2018 Interim report. During the last quarter of 2017, F-Secure completed the necessary calculations and adjustments as well as the system changes that are in compliance with the IFRS 15 standard.

It is estimated that the impact of the IFRS 15 standard on the restated 2017 revenue will be immaterial due to the offsetting effect of the historical recognized revenue and deferral of the new sales. The standard impacts mainly contracts with upfront revenue recognition. The majority of the contracts are already recognized over time prior to application of the IFRS 15 standard.

The IFRS 15 standard also impacts the recognition of the incremental costs of obtaining contracts with customers. F-Secure will defer the recognition of the sales commissions. The impact of the sales commissions deferral on 2017 is also low, as historical costs recognized are compensated by the deferral of the new costs.

In equity, we expect an increase of approximately EUR 0.8 million in opening retained earnings as of 1 January 2017 due to the IFRS 15 implementation adjustment. The credit position of EUR 0.8 million is the net result of the historical revenue deferral carry forward and the deferral of commissions in excess of the revenue impact.

– IFRS 9 Financial Instruments and subsequent amendments (effective for financial years beginning on or after 1 January 2018). The new standard replaces IAS 39 Financial Instruments: Recognition and Measurement. IFRS 9 changes the classification and valuation of financial assets and includes a new model for estimating impairment of financial assets, which is based on expected credit losses.

F-Secure has significant investments in fixed income funds, classified as available-for-sale financial assets under IAS 39. F-Secure is planning to classify these as fair value through profit or loss under IFRS 9. The classification change would result in increased volatility of the net result. However, this increase is not expected to be significant due to the nature of the funds. From the balance sheet perspective, the impact is limited only to a reclassification of the fair value fund to retained earnings. F-Secure will adopt the new standard on the required effective date 1 January 2018.

The new impairment model requires the recognition of impairment provisions based on expected credit losses rather than only incurred credit losses as is the case under IAS 39. F-Secure does not expect the expected credit loss model to have a material impact on the consolidated financial statements.

– IFRS 16 – Leases (effective for financial year beginning on or after 1 January 2019, not yet endorsed for use by the European Union). IFRS 16 will result in almost all leases being recognized on the balance sheet, as the distinction between operating and finance leases is removed. Under the new standard, an asset (the right to use the leased item) and a financial liability to pay rentals are recognized. The only exceptions are short-term and low-value leases.

F-Secure currently has only operating leases, which consist mainly of rented office premises and leased cars. As at the reporting date, the Group has non-cancellable operating lease commitments of EUR 13.7 million, see note 24. The new standard will increase both assets and liabilities significantly, and operating profit will improve as part of the lease-related expense will be reported as financial costs. The effects of the changes have not yet been quantified.

Other new or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.

1. SEGMENT INFORMATION

The Group has one business segment, security. The chief operating decision maker, i.e. the Leadership Team, receives financial information on revenue by sales channel on a monthly basis. For the geographical information, revenue is presented based on the location of the customer and the long-term assets based on the location of the assets.

Consolidated 2017 Consolidated 2016

Sales channels

Revenue from external customers

Consumer security 97,143 95,780

Corporate security 72,552 62,509

Total 169,695 158,289

Geographical information

Revenue from external customers

Nordic countries 62,916 57,449

Rest of Europe 69,401 65,019

North America 16,427 14,583

Rest of world 20,952 21,238

Total 169,695 158,289

Long-term assets

Nordic countries 24,170 23,179

Rest of Europe 3,321 357

North America 114 265

Rest of world 413 562

Total 28,017 24,364

2. DISCONTINUED OPERATIONS

F-Secure’s personal cloud storage business (younited) was sold to Synchronoss Technologies in February 2015 and is reported as discontinued operations 2015–2016. The value of the transaction was USD 60 million in cash. As a part of the transaction, the companies also agreed on certain intellectual property and patent rights. The Group has classified the personal cloud storage business as discontinued operations.

Result for the financial period of the personal cloud business

Consolidated 2017 Consolidated 2016

Revenues 3,275

Expenses –3,880

Result before taxes –605

Taxes 121

Result for the period –484

Net gain on disposal

Attributable taxes

Result after taxes –484

Earnings per share, discontinued operations, EUR 0.00

Earnings per share, discontinued operations, diluted, EUR 0.00

Cash flow statement

Cash flow from operations 2,667

Cash flow from investments

Change in cash 2,667

3. ACQUISITIONS

On 15 February 2017, F-Secure acquired 100% of the shares of Inverse Path S.r.l., a small privately held company based in Italy providing security services to the avionics, automotive, and industrial control sectors. Goodwill arising on the acquisition is attributable to the know-how and expertise in the company, and it is not tax deductible.

On 10 May 2017, F-Secure acquired 100% of the shares of Digital Assurance Consulting Limited, a privately held UK based security consultancy firm offering information security assessment services to governments and companies in financial, petrochemical, retail, communication, and defense industries. The acquired intangible assets relate to existing customer relationships. Goodwill arising on the acquisition is attributable to the know-how and expertise in the company, and it is not tax deductible.

The acquisitions are individually immaterial to the consolidated financial statements.

Total consideration paid, aggregate value of intangible assets, other net assets acquired and resulting goodwill as of each acquisition date:

Other intangible assets 552

Other net assets 407

Total identifiable net assets 960

Goodwill 2,540

Total purchase consideration 3,499

4. OTHER OPERATING INCOME

EUR 1,000 Consolidated 2017 Consolidated 2016

Government grants 1,423 3,797

Rental revenue 390 319

Other 81 193

Total 1,895 4,309

5. DEPRECIATION, AMORTIZATION, AND IMPAIRMENT

EUR 1,000 Consolidated 2017 Consolidated 2016

Depreciation and amortization of non-current assets

Other intangible assets –1,575 –1,355

Capitalized development –3,234 –2,250

Intangible assets –4,809 –3,605

Machinery and equipment –1,371 –1,479

Other tangible assets –116 –188

Tangible assets –1,487 –1,668

Total depreciation and amortization –6,296 –5,272

Depreciation and amortization by function

Sales and marketing –3,978 –2,203

Research and development –1,616 –2,831

Administration –701 –238

Total depreciation and amortization –6,296 –5,272

6. PERSONNEL EXPENSES

EUR 1,000 Consolidated 2017 Consolidated 2016

Personnel expenses

Wages and salaries –70,824 –61,754

Pension expenses – defined contribution plan –9,236 –8,375

Share-based payments –3,717 –2,522

Other social expenses –5,727 –8,545

Total –89,503 –81,196

Employee benefits of the management are stated in disclosure 26. Related party transactions.

Share-based payments are stated in disclosure 20. Share-based payment transactions.

Average number of personnel 1,067 981

Personnel by function December 31

Sales and marketing 636 570

Research and development 360 325

Administration 108 131

Total 1,104 1,026

7. AUDIT FEES

EUR 1,000 Consolidated 2017 Consolidated 2016

Group auditor

Audit fees, PricewaterhouseCoopers –178 –145

Audit related fees, PricewaterhouseCoopers –9

Audit fees, Ernst&Young –89

Tax consulting, Ernst&Young –65

Other consulting, PricewaterhouseCoopers –97 –77

Other consulting, Ernst&Young –43

Total –284 –419

PricewaterhouseCoopers Oy has provided non-audit services to entities of F-Secure Group in total 106 thousand euros during the financial year 2017. These services included auditors’ statements (9 thousand euros) and other services (97 thousand euros).

Other auditors

Audit fees –79 –46

Tax consulting –38

Total –79 –84


8. FINANCIAL INCOME AND EXPENSES

EUR 1,000 Consolidated 2017 Consolidated 2016

Financial income

Dividends from available-for-sale financial assets 7 11

Other financial income from available-for-sale financial assets 872 579

Interest income from loans and receivables 997 93

Exchange gains 1,171 2,576

Other financial income 165 10

Total 3,213 3,269

Financial expenses

Interest expense from loans and liabilities –72 –9

Exchange losses –2,332 –1,635

Other financial expenses 21 –78

Total –2,383 –1,722

Interest income in 2017 includes EUR 0.9 million refund of late payment interest related to withholding taxes from 2009–2011.

9. FINANCIAL INCOME AND EXPENSES IN OTHER COMPREHENSIVE INCOME

EUR 1,000 Consolidated 2017 Consolidated 2016

Components of other comprehensive income

Available-for-sale financial assets

Gains/(losses) arising during the year 677 954

Reclassification to profit or loss –793 –52

Total –117 901

10. INCOME TAX

EUR 1,000 Consolidated 2017 Consolidated 2016

Current income tax for the year –2,159 –7,137

Adjustments for current tax of prior periods 54 –58

Change in deferred tax 924 2,142

Total –1,181 –5,053

Components of other comprehensive income

Available-for-sale financial assets 23 –180

A reconciliation of income tax expense in the income statement and income tax calculated at the parent company’s country of residence income tax rate (20%):

Result before taxes 11,941 20,778

Income tax at Finnish tax rate of 20% –2,389 –4,156

Effect of overseas tax rates –270 –90

Effect of changes in tax rates 41 30

Non-deductible expenses/tax-exempt revenue –225 –788

Unrecognised tax losses 253 –17

Adjustments for prior period tax 54 866

Other 1,355 –899

Total –1,181 –5,053

Other taxes in 2017 mainly consist of returned withholding taxes (EUR 2.1 million), offset by non-creditable withholding taxes (EUR 0.5 million). The 2016 adjustments for prior period tax include a positive EUR 0.9 million correction to the 2015 deferred tax asset in Japan. The misstatement is not considered material and has been booked through the change in deferred tax in the income statement in 2016. Other taxes in 2016 consist mainly of non-creditable withholding taxes.

In June, the Finnish Tax Administration’s Board of Adjustment approved F-Secure’s appeal related to withholding taxes. As a result, EUR 3.1 million consisting of taxes, interest and late penalty payments was returned to the Company, and the payment was recorded in financial items and income taxes in the second quarter. The payment relates to the decision of the Finnish Tax Authority in 2015 to adjust taxation for tax years 2009–2011 based on a partial tax audit. F-Secure appealed the decision and the Finnish Tax Administration’s Board of Adjustment approved the appeal. The approval does not have an impact on future taxation of the Company. More information regarding the tax audit is available in the 2016 financial statements, disclosure 10, Income taxes.


11. EARNINGS PER SHARE

Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.

EUR 1,000 Consolidated 2017 Consolidated 2016

Net profit attributable to equity holders from continuing operations 10,760 15,241

Weighted average number of ordinary shares (1,000) 156,503 156,023

Adjusted weighted average number of ordinary shares for diluted earnings per share 156,503 156,023

Basic and diluted earnings per share (EUR/share), continuing operations 0.07 0.10

Basic and diluted earnings per share (EUR/share), discontinued operations 0.00

The weighted average number of shares takes into account the effect of changes in treasury shares.


12. NON-CURRENT ASSETS

INTANGIBLE ASSETS: Other intangible, Capitalized development, Goodwill, Advance payments, Total

TANGIBLE ASSETS: Machinery & equipment, Other tangible, Advance payments, Total

Acquisition cost Jan 1, 2016 19,923 12,369 7,599 3,044 42,936 29,065 3,635 32,700

Translation difference 3 32 36 95 10 105

Additions 174 69 4,586 4,828 1,987 112 2,098

Transfers 3,526 –3,526 30 –30 0

Disposals –2,036 –1,310 –3,346 –3,376 –562 –3,938

Acquisition cost Dec 31, 2016 18,064 14,654 7,632 4,104 44,454 27,800 3,165 30,965

Translation difference –6 –14 –20 –376 –41 –418

Acquisitions and divestments 532 532 100 11 111

Additions 499 68 2,453 5,011 8,031 1,068 470 2 1,540

Transfers 3,555 3,458 0 –7,013 0 –74 74 0

Disposals –8,930 –1,453 0 –10,383 –15,590 –2,048 –17,638

Acquisition cost Dec 31, 2017 13,715 16,727 10,070 2,102 42,615 12,928 1,631 2 14,560

Acc. depreciation Jan 1, 2016 –15,649 –7,517 –23,166 –25,995 –3,298 –29,293

Translation difference 8 –2 6 –71 3 –69

Depreciation for the period –1,355 –2,250 –3,605 –1,824 –188 –2,013

Depreciation of disposals 1,301 2,041 3,342 3,188 554 3,741

Acc. depreciation Dec 31, 2016 –15,694 –7,728 –23,423 –24,703 –2,930 –27,633

Translation difference 5 0 5 311 34 345

Acquisitions and divestments –65 –65 –75 –75

Transfers 153 –153 –136 136 0

Depreciation for the period –1,478 –3,233 –4,711 –1,357 –133 –1,491

Depreciation of disposals 8,929 1,453 10,382 15,485 2,021 17,506

Acc. depreciation Dec 31, 2017 –8,150 –9,661 –17,812 –10,475 –873 –11,347

Book value as at Dec 31, 2016 2,370 6,926 7,632 4,104 21,031 3,097 236 3,332

Book value as at Dec 31, 2017 5,565 7,066 10,070 2,102 24,803 2,453 759 2 3,214


13. IMPAIRMENT TESTING OF GOODWILL

In impairment testing the Group’s assets are tested against cash flow generated by the Group’s Cyber Security Service and license sales.

The cash flow estimates have been reviewed by the management and cover the next four years. The estimates are based on value in use calculation using cash flow projections from the 2018 budgets and financial forecasts for years 2019–2021. Cash flows after the forecast period are taken into account by a terminal value calculated assuming a steady 1% per annum growth. The forecast profitability level is based on 2017 profitability, 2018 budget and longer term communicated profitability target level. The used discount rate is 8.5% before taxes. The impairment test, based on these assumptions, shows no need to impair assets and/or goodwill.

Sensitivity to changes in assumptions

The main parameters in the calculations are profitability, growth rate and discount rate. If any of the main parameters changed so that the discounted cash flows equalled the book value, a need for impairment would arise. However, the Group estimates that such a change is not reasonably possible.

14. DEFERRED TAX

EUR 1,000 Consolidated 2017 Consolidated 2016

Deferred tax assets relate to the following:

Fixed assets 735 841

Accruals and provisions 3,075 2,289

Tax losses carried forward 67 88

Total 3,876 3,218

Offset against deferred tax liabilities –349 –483

Net deferred tax assets 3,528 2,734

Change in deferred tax assets:

Recognized in profit or loss –659 1,887

Deferred tax liabilities relate to the following:

Fixed assets 460 576

Available-for-sale financial assets 246 269

Total 706 845

Offset against deferred tax assets –349 –483

Net deferred tax liabilities 357 361

Change in deferred tax liabilities:

Recognized in profit or loss 116 259

Recognized in other comprehensive income 23 –180

At December 31, 2017 the Group had 0.5 million euro losses carried forward that are available for offset against future taxable profits in the companies in which the losses arose.

15. INVENTORIES

EUR 1,000 Consolidated 2017 Consolidated 2016

Inventories 588 109

No impairment was recognized for inventories in years 2017 and 2016.

16. RECEIVABLES

EUR 1,000 Consolidated 2017 Consolidated 2016

Non-current receivables

Other receivables 666 77

Current receivables

Trade receivables 41,365 36,390

Loan receivables 10 15

Other receivables 1,155 2,364

Prepaid expenses and accrued income 7,532 7,413

Accrued income tax 1,435 342

Total 51,496 46,524

Ageing of trade receivables (including discontinued operations)

Not fallen due 27,329 26,339

1–90 days past due 10,840 10,051

Over 90 days past due 5,014 2,624

Less provision for bad debt –1,818 –1,090

Total 41,365 37,924

Movements in the provision for impairment of trade receivables

Book value as at Jan 1 1,090 2,550

Change for the year 983 –460

Receivables written off during the year –256 –1,000

Book value as at Dec 31 1,818 1,090

Material items included in prepaid expenses and accrued income

Prepaid royalty 2,507 2,982

Grant receivables 1,637 2,722

Other prepaid expenses 3,388 1,709

Total 7,532 7,413


17. AVAILABLE-FOR-SALE FINANCIAL ASSETS

Available-for-sale financial assets consist mainly of interest-bearing debt securities and shares in funds invested in similar instruments. For assets that are actively traded in organized financial markets, fair value is determined by reference to Stock Exchange quoted market bid prices at the close of business on the balance sheet date. Net asset value (NAV) is used as a practical expedient to measure fair value for the investments in non-listed funds. Assets, for which fair value cannot be measured reliably, are recognized at cost less impairment. The fair value changes of available-for-sale financial assets are recognized in shareholders’ equity under fair value reserve.

EUR 1,000 Consolidated 2017 Consolidated 2016

Fair value as at Jan 1 63,671 64,437

Additions 7,742 9,527

Decreases –18,403 –11,731

Gain on sale in the income statement 1,030 579

Change in fair value –117 901

Impairment 0 –43

Fair value as at Dec 31 53,924 63,671

Shares – unlisted 26 27

Shares – listed 0 157

Funds 53,898 63,487

Fair value as at Dec 31 53,924 63,671

18. CASH AND SHORT-TERM DEPOSITS

EUR 1,000 Consolidated 2017 Consolidated 2016

Cash at bank and in hand 36,300 29,050

Available-for-sale financial assets are considered a part of the Group’s ongoing cash management activities. See note 23. Financial risk management objectives and policies.

19. SHAREHOLDERS’ EQUITY

Issued and fully paid

EUR 1,000

Number of shares, Share capital, Share premium fund, Unrestricted equity reserve, Treasury shares

Dec 31, 2015 155,802,690 1,551 165 5,102 –6,966

Deferred payment 455,510 109 1,224

Dec 31, 2016 156,258,200 1,551 165 5,211 –5,741

Deferred payment 455,510 167 1,166

Dec 31, 2017 156,713,710 1,551 165 5,378 –4,575

The share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 (including own shares 2,085,029) at the end of 2017. A share has no nominal value. Accountable par value is EUR 0.01.

Share premium fund

Proceeds from exercised warrants were recognized under the share capital and share premium fund until March 26, 2008.

Unrestricted equity reserve

On March 20, 2007, the shareholders’ meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders’ meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in the Company’s unrestricted equity reserve. Any excess after settling treasury shares as share based incentive and as board compensation is recorded in unrestricted equity reserve.

Translation differences

The translation difference is used to record exchange differences arising from the translation of the financial statements of foreign subsidiaries.

Dividends proposed and paid

Proposed for approval at AGM for financial year 2017 is 0.04 euro per share (6,268,548.40 euro in total). Final dividend for financial year 2016 was 0.12 euro per share, paid during 2017 (18,750,984.00 euro in total). Final dividend for financial year 2015 was 0.12 euro per share, paid during 2016 (18,696,322.80 euro in total).

Treasury shares

Treasury shares contain the purchase value of own shares owned by the Group. The cost of acquisition is reported as a deduction in shareholders’ equity. The shares were acquired through public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares during the period. The parent company’s treasury shares were used in a deferred payment of the 2015 acquisition.

The total number of acquired treasury shares was 2,085,029 at the end of 2017. This represents 1.3% of the Company’s voting power on December 31, 2017.

Fair value reserve

The reserve is used to record increments and decrements in the fair value of available-for-sale financial assets.

Before tax Tax After tax Total

Fair value reserve Dec 31, 2015 444 –89 355 355

Available-for-sale, net 954 –191 763 763

Fair value gains/losses to PL –52 10 –42 –42

Fair value reserve Dec 31, 2016 1,346 –269 1,077 1,077

Available-for-sale, net 677 –135 541 541

Fair value gains/losses to PL –793 159 –634 –634

Fair value reserve Dec 31, 2017 1,229 –246 983 983

20. SHARE-BASED PAYMENT TRANSACTIONS

During the period the Group has had four different incentive plans which cover the key personnel of the Group.

Synthetic option-based incentive program

The synthetic option-based incentive program was established in April 2015 as part of the key employee incentive and retention system within F-Secure Group. The program offers participants the possibility to receive synthetic options of F-Secure Corporation as a long-term incentive compensation. No reward can be given to any participating employee whose employment has terminated before the end of the vesting period.

The synthetic option-based incentive program will last five years. The program comprises three granting periods and a subsequent vesting period of two years after each granting year. The program 2015–2017 ends on December 31, 2019. Within the framework of the program, the aggregate number of options to be given as reward cannot exceed 5 million. The actual compensation is the difference of subscription price and the vesting price, and will be paid to the participating employees as a cash-settled payment.

The subscription price of the synthetic option is the weighted average share price in the period of October to December prior to the granting year. The vesting price is the weighted average share price in the period of September to November prior to the payment month.

The subscription price for the granting period 2015 is 2.01. The subscription price for the granting period of 2016 is 2.65.

Options outstanding

EUR 1,000 2017 2016

Outstanding Jan 1 1,480,000 Outstanding Jan 1 1,455,000

Granted 0 Granted 715,000

Forfeited –210,000 Forfeited –95,000

Exercised –600,000 Exercised –595,000

Expired 0 Expired 0

Outstanding Dec 31 670,000 Outstanding Dec 31 1,480,000

Expense arising from share-based payment transactions during the period was 1,001 thousand euro (1,121 thousand euro in 2016). The carrying amount of liability at December 31, 2017 was 1,856 thousand euro.

The fair value of options granted during the period was determined by using the Binomial model.

Parameters used: Synthetic option program

2017 2016

Weighted average share price EUR – 2.78

Weighted average exercise price EUR – –

Expected volatility – 29.00%

Option life in years – 2.0

Risk-free interest rate – 0.63%

Expected dividends –

No options were granted during the period 2017.

Expected volatility reflects the assumption that the historical volatility is indicative of future trends, which may also not necessarily be the actual outcome. Based on previous years, the company has estimated that 2–3% of granted options will be forfeited.

Share-based incentive programs

During the period the Group had three share-based incentive programs. The share-based incentive programs have been established as part of the key employee incentive and retention system within F-Secure Group. The programs offer participants the possibility to receive shares of F-Secure Corporation as an incentive reward if the Company’s financial targets set for the earning period have been achieved. No reward can be given to any participating employee whose employment has terminated before the end of the lock-up period.

The share-based incentive program 2014–2016 was established in March 2014. The program will last five years. It comprises three earning periods. Each earning period lasts three years. The program ends on December 31, 2018. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program, a maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board approves the metrics, targets and participants on an annual basis for each earning period.

The share-based incentive program 2017–2019 was established in February 2017. The program will last five years. It comprises three earning periods. Each earning period lasts three years. The program ends on December 31, 2021. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program, a maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board approves the metrics, targets and participants on an annual basis for each earning period.

The restricted share-based incentive program 2017–2019 was established in February 2017. The program is divided into individual restricted share plans. The program includes individual earning periods for each plan. Earning periods will commence based on the decision of the Board of Directors. The program ends on December 31, 2019. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program, a maximum total of 600,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board of Directors shall determine the amount of the maximum reward for each individual plan and participant.

The participating employee shall be entitled to the shareholder rights of the reward shares (e.g. dividend) from the moment the shares have been entered into the participating employee’s book-entry account.

Expense arising from the share-based payment transactions during the period was 2,793 thousand euro (1,356 thousand euro in year 2016). The costs of equity-settled transactions are measured by reference to the fair value of the F-Secure Corporation share at the date on which they are granted. The costs of cash-settled transactions are measured by reference to the fair value of the F-Secure Corporation share on the balance sheet date. The Group updates the estimate of the number of equity instruments that will ultimately vest at each reporting date.

21. LIABILITIES

EUR 1,000 Consolidated 2017 Consolidated 2016

Non-current liabilities

Deferred tax liability 357 361

Deferred revenue 15,006 13,737

Other non-current liability 2,495 179

Provisions 1,173 158

Total 19,032 14,436

Current liabilities

Deferred revenue 46,126 40,514

Trade payables 6,220 6,556

Other liabilities 5,297 5,058

Accrued expenses 26,433 20,474

Income tax liabilities 1,945 2,516

Total 86,020 75,117

Material amounts shown under accruals and deferred income

Accrued personnel expenses 15,409 14,984

Deferred royalty 1,695 980

Other accrued expenses 9,330 4,510

Total 26,433 20,474

Provisions

Book value as at 1.1. 158

Arising during the year 158

Used during the year –158

Transfer from discontinued operations 1,173

Book value as at 31.12. 1,173 158

A French service provider has issued claims against F-Secure based on a contract relating to purchase of services. The matter is subject of an ongoing appeal process in a French court instance. A provision of EUR 1.2 million has been recognized in the discontinued operations in previous years based on the ongoing litigation. F-Secure does not anticipate the presented claims and the eventual outcome of the dispute to materially impact its financial position.


22. FINANCIAL ASSETS AND LIABILITIES

EUR 1,000 Consolidated 2017 Consolidated 2016

Loans and other receivables 10 15

Trade receivables 41,365 36,390

Available-for-sale financial assets 53,924 63,671

Cash and bank accounts 36,300 29,050

Trade payables –6,220 –6,556

Total 125,379 122,570

The carrying amounts of the Group’s financial instruments are equivalent to fair values.

Fair value hierarchy

The Group uses the following hierarchy for determining and disclosing the fair value of financial instruments by valuation technique:

Level 1: quoted prices in active markets for identical assets or liabilities

Level 2: other techniques for which all inputs which have a significant effect on the recorded fair value are observable, either directly or indirectly

Level 3: techniques which use inputs which have a significant effect on the recorded fair value that are not based on observable market data

Assets measured at fair value Total Level 1 Level 2 Level 3

Available-for-sale financial assets Dec 31, 2017 53,924 0 53,898 26

Available-for-sale financial assets Dec 31, 2016 63,671 157 63,487 27

23. FINANCIAL RISK MANAGEMENT OBJECTIVES AND POLICIES

General

The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The responsibility for the Company’s risk management lies with the CEO, the management and ultimately with the Board of Directors. The risks related to the Group’s financial instruments are mainly related to credit risks and foreign currency fluctuations. The Group’s available-for-sale assets are also exposed to interest rate fluctuations.

Credit risk

The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of financial assets. There are no significant concentrations of credit risk within the Group. See notes 16. Receivables and 22. Financial assets and liabilities.

Liquidity risk

The economic situation improved and the Group’s liquidity remained at a good level. At the end of the year the market value of the available-for-sale financial assets was 53.9 million euro (63.7 million euro in 2016) and cash and bank 36.3 million euro (29.0 million euro in 2016). The Group’s financial management makes cash flow forecasts regularly to ensure the financial needs of the business operations are met. The management has not identified any significant concentrations of liquidity risks in the financial assets or in sources of finance.

Foreign currency risk

The Group invoices mainly in Euros. However, there are some transactional currency exposures that arise from sales or purchasing in other currencies. The other main measurement currencies are USD, JPY, SEK, GBP and BRL. In order to minimize the impact of the fluctuation of the exchange rates, the goal is to use forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies for a period of three months.

Derivatives

Currency instruments – Currency forward contracts

EUR 1,000 Consolidated 2017 Consolidated 2016

Nominal value 448 2,970

Fair value 5 14

F-Secure Corporation has hedged receivables denominated in GBP with forward rate contracts. The forward rate contracts expire on January 15, 2018. The company does not have other derivatives.

F-Secure Corporation does not hedge investments made in its subsidiaries because the impact of changes of exchange rates would not be relevant in the Group’s balance sheet.


Consolidated 2017 Consolidated 2016

Sales in different currencies % %

EUR 69 69

SEK, GBP 7 7

USD, JPY 17 16

Other currencies 7 7

100 100

The risk involved in the sales in foreign currency is notably diminished by the operational expenses in subsidiaries that use the same currency.

Financial assets and liabilities in different currencies % %

EUR 70 75

SEK, GBP 5 5

USD, JPY 14 12

Other currencies 10 8

100 100

The table below demonstrates how sensitive the Group’s profit before taxes is to reasonably possible changes in the USD, JPY, SEK, GBP and BRL exchange rate, assuming that all other variables are held constant. The analysis is based on a +/– 10% exchange rate change on trade receivables and does not include forward currency contracts.

USD, JPY +672/–672 +550/–550

GBP, SEK +316/–316 +293/–293

BRL +8/–8 +237/–237

Interest rate risk

The Group does not have any interest bearing liabilities. Based on the Group’s conservative investment policy, it invests its cash mainly in short term and low risk funds. Investments are made in creditworthy funds. These available-for-sale investments are exposed to market risk from changes in interest rates.

The Group’s objective is to maintain a balance between continuity of funding and flexibility through the use of cash and available-for-sale financial assets. See notes 17 and 18.

Capital management

The Group’s shareholders’ equity is managed as capital. There are no external capital requirements related to the equity. The objective of the Group’s capital management is to maintain an efficient capital structure that ensures the functioning of business operations and promotes shareholder value. The Group’s capital structure is reviewed as a part of financial performance monitoring.

The capital structure can be adjusted among other things by distribution of dividends, share repurchase or capital repayment. The dividend policy of F-Secure Corporation is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.

24. OPERATING LEASE COMMITMENTS

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and six years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December 2017 are as follows

As lessee

EUR 1,000 Consolidated 2017 Consolidated 2016

Within one year 5,924 5,989

After one year but not more than five years 7,777 11,482

Total 13,702 17,470

Rents during the period 5,180 5,569

25. CONTINGENT LIABILITIES

EUR 1,000 Consolidated 2017 Consolidated 2016

Other liabilities

Others 173 222

F-Secure is a party in some disputes and is defending itself accordingly. Currently the Company is not able to give an exact estimate of the likelihood or the amount of possible damages. Taking into account all available information to date the outcome is not expected to have a material impact on the financial position of the Group.


26. RELATED PARTY DISCLOSURES

The Group’s related parties include Parent Company and subsidiaries, as well as members of the Board, Managing Director and members of the Leadership Team.

Compensation of key management personnel of the Group

EUR 1,000 Consolidated 2017 Consolidated 2016

Wages and other short-term employee benefits 2,319 2,423

Share-based payments 1,014 768

Total 3,333 3,191

Wages and other short-term employee benefits

EUR 1,000 Consolidated 2017 Consolidated 2016

Managing Director 407 631

Leadership Team 1,687 1,513

Members of the Boards of Directors 225 279

2,319 2,423

Board of Directors 2017 and Managing Director

EUR 1,000 Wages Fees Incentive reward

Samu Konttinen, Managing Director 407 312

Risto Siilasmaa, Chairman of the Board 55

Pertti Ervi 40

Matti Heikkonen 30

Sofie Nystrøm 30

Päivi Rekonen 30

Bruce Oreck 30

Ari Inki 10

Total 407 225 312

The incentive reward granted to the Managing Director is measured as follows: the equity-settled part at the fair value of the F-Secure Corporation share at the date on which it was granted, and the cash-settled part at the fair value of the share on the balance sheet date. The cost is recognized over the period in which the performance conditions are fulfilled, 5 October 2017–31 December 2019.

The Managing Director’s retirement age and the determination of his pension conform to the standard rules specified by Finland’s Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 73 thousand euro (117 thousand euro in year 2016). The period of notice for the Managing Director is six (6) months both ways and the Managing Director is entitled to a severance payment equivalent to six (6) months’ salary.

27. SUBSIDIARIES

Company Country of incorporation Group (%)

Parent F-Secure Corporation, Helsinki Finland

DF-Data Oy, Helsinki Finland 100

F-Secure Inc., San Jose United States 100

F-Secure (UK) Ltd, London United Kingdom 100

F-Secure KK, Tokyo Japan 100

F-Secure GmbH, Munich Germany 100

F-Secure eStore GmbH, Munich Germany 100

F-Secure SARL, Maisons-Laffitte France 100

F-Secure SDC SAS, Bordeaux France 100

F-Secure BVBA, Heverlee-Leuven Belgium 100

F-Secure AB, Stockholm Sweden 100

F-Secure Srl, Milano Italy 100

F-Secure SP z.o.o., Warsaw Poland 100

F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia 100

F-Secure Pvt Ltd, New Delhi India 100

F-Secure Pte Ltd, Singapore Singapore 100

F-Secure B.V., Utrecht The Netherlands 100

F-Secure Limited, Hong Kong Hong Kong 100

F-Secure Pty Limited, Sydney Australia 100

F-Secure Iberia SL, Barcelona Spain 100

F-Secure do Brasil Tecnol. da Informação Ltda, São Paulo Brazil 100

F-Secure Chile Limitada, Santiago Chile 100

F-Secure Informatica S de RL de CV, Mexico City Mexico 100

F-Secure Software (Shanghai) Co Ltd, Shanghai China 100

F-Secure Danmark A/S, Copenhagen Denmark 100

F-Secure Cyber Security Services Oy, Helsinki Finland 100

nSense Polska Sa, Poznan Poland 100

nSense Estonia OÜ, Tartu Estonia 100

F-Secure Norge AS, Baerum Norway 100

F-Secure Argentina S.R.L., Buenos Aires Argentina 100

Inverse Path S.r.l., Trieste Italy 100

Digital Assurance Consulting Limited, London United Kingdom 100


28. SHARES AND SHAREHOLDERS

Shares and share ownership distribution, December 31, 2017

Shares Number of shareholders % of shareholders Total shares % of shares

1–100 4,359 19.81% 246,560 0.16%

101–1,000 13,631 61.95% 5,008,317 3.15%

1,001–50,000 3,946 17.93% 15,666,899 9.87%

50,001–100,000 28 0.13% 1,927,551 1.21%

100,001– 41 0.19% 135,949,412 85.61%

Total 22,005 100.00% 158,798,739 100.00%

Shareholders by category, December 31, 2017

Total shares % of shares

Corporations 6,779,286 4.27%

Financial and insurance institutions 51,792,681 32.62%

General government 16,427,310 10.34%

Non-profit organizations 409,342 0.26%

Households 82,374,471 51.87%

Other countries and international organizations 1,015,649 0.64%

Total 158,798,739 100.00%

Largest shareholders and administrative register

Owner Shares % of shares % of votes

Risto Siilasmaa 59,969,896 37.76% 38.27%

Nordea Nordic Small Cap Fund 8,074,856 5.08% 5.15%

Mandatum Life Insurance Company 6,791,936 4.28% 4.33%

Elo Mutual Pension Insurance Company 6,726,000 4.24% 4.29%

The State Pension Fund 3,500,000 2.20% 2.23%

Varma Mutual Pension Insurance Company 3,470,660 2.19% 2.21%

Kaleva Mutual Insurance Company 1,836,073 1.16% 1.17%

Nordea Pro Suomi Fund 1,602,616 1.01% 1.02%

Ilmarinen Mutual Pension Insurance Company 1,502,835 0.95% 0.96%

Taaleritehdas Mikro Markka Fund 1,325,557 0.83% 0.85%

Administrative register

Skandinaviska Enskilda Banken 15,905,641 10.02% 10.15%

Nordea Bank Ab Finnish Branch 12,280,695 7.73% 7.84%

Other registers 2,645,860 1.67% 1.69%

Other shareholders 31,081,085 19.57% 19.83%

Total 156,713,710 98.69% 100.00%

Own shares F-Secure Corporation 2,085,029 1.31%

Total 158,798,739 100.00%

Ownership of management

Board of Directors Shares % of shares

Risto Siilasmaa 59,969,896 37.76%

Pertti Ervi 51,036 0.03%

Matti Heikkonen 23,565 0.01%

Bruce Oreck 8,123 0.01%

Ari Inki 6,856 0.00%

Sofie Nystrøm 2,830 0.00%

Päivi Rekonen 2,830 0.00%

Total 60,065,136 37.82%

Executive team Shares % of shares

Samu Konttinen 82,103 0.05%

Mari Heusala 1,800 0.00%

Jari Still 100,657 0.06%

Mika Ståhlberg 29,263 0.02%

Eriikka Söderström 40,000 0.03%

Jens Thonke 166,359 0.10%

Total 420,182 0.26%

Ownership of management

The Board of Directors owned a total of 60,065,136 shares on December 31, 2017. This represents 37.8 percent of the Company’s shares and 38.3 percent of votes.


F-SECURE 2017 FINANCIAL STATEMENTS F-SECURE CORPORATION

INCOME STATEMENT JAN 1–DEC 31, 2017

EUR 1,000 FAS 2017 FAS 2016

NET SALES (1) 135,732 134,108

Material and service –6,676 –6,550

GROSS MARGIN 129,056 127,558

Other operating income (2) 3,907 5,947

Sales and marketing (3, 4) –79,944 –75,781

Research and development (3, 4) –31,517 –26,233

Administration (3, 4) –12,330 –10,237

OPERATING RESULT 9,173 21,254

Financial income and expenses (6) 1,039 1,403

PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES 10,212 22,657

Change in depreciation reserve 542 –145

Income taxes (7) –558 –5,828

RESULT FOR THE FINANCIAL YEAR 10,196 16,684


BALANCE SHEET DEC 31, 2017

EUR 1,000 FAS 2017 FAS 2016

ASSETS

NON-CURRENT ASSETS

Intangible assets (8) 14,735 13,456

Tangible assets (8) 1,610 1,947

Investments in group companies (9) 23,353 18,581

Total non-current assets 39,698 33,984

CURRENT ASSETS

Inventories (10) 588 109

Long-term receivables (11) 69 740

Short-term receivables (11) 52,901 45,768

Short-term investments (12) 53,924 63,670

Cash and bank accounts (13) 16,071 15,141

Total current assets 123,553 125,429

TOTAL ASSETS 163,251 159,413

EUR 1,000 FAS 2017 FAS 2016

SHAREHOLDERS’ EQUITY AND LIABILITIES

SHAREHOLDERS' EQUITY (14, 15)

Share capital 1,551 1,551

Share premium 165 165

Treasury shares –4,575 –5,741

Fair value reserve 983 1,077

Reserve for invested unrestricted equity 5,378 5,211

Retained earnings 45,377 47,443

Profit for the financial year 10,196 16,684

Total shareholders' equity 59,075 66,390

APPROPRIATIONS

Depreciation reserve 514 1,056

LIABILITIES

Deferred tax liabilities (17) 246 269

Long-term liabilities (17) 14,467 12,629

Short-term liabilities (17) 88,949 79,069

Total liabilities 103,662 91,967

TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES 163,251 159,413


CASH FLOW STATEMENT JAN 1–DEC 31, 2017

EUR 1,000 FAS 2017 FAS 2016

Cash flow from operations

Result for the financial year 10,196 16,684

Adjustments

Depreciation and amortization 5,597 4,257

Profit / loss on sale of fixed assets –49 31

Other adjustments –260 2,373

Financial income and expenses –1,039 –1,403

Income taxes 568 5,828

Adjustments* 4,817 11,086

Cash flow from operations before change in working capital 15,013 27,770

Change in net working capital

Current receivables, increase (–), decrease (+) –5,560 482

Inventories, increase (–), decrease (+) –479 26

Non-interest bearing debt, increase (+), decrease (–) * 13,291 7,011

Cash flow from operations before financial items and taxes 22,265 35,289

Interest expenses paid –13 –1,003

Interest income received 996 83

Other financial income and expenses –59 –613

Income taxes paid –2,642 –12,753

Cash flow from operations 20,547 21,002

EUR 1,000 FAS 2017 FAS 2016

Cash flow from investments

Investments in intangible and tangible assets –6,536 –8,073

Investments in subsidiary shares –4,939

Other investments –7,742 –9,527

Proceeds from sale of intangible and tangible assets 46 22

Proceeds from sale of other investments 18,397 11,731

Intercompany loans granted –80

Dividends received 7 11

Cash flow from investments –847 –5,837

Cash flow from financing activities

Dividends paid –18,751 –18,696

Cash flow from financing activities –18,751 –18,696

Change in cash 949 –3,531

Cash and bank at the beginning of the period 15,141 18,672

Cash and bank at period end 16,090 15,141

* Presentation of deferred revenue has been changed and the comparative year has been adjusted accordingly.


NOTES TO THE PARENT COMPANY FINANCIAL STATEMENTS

Basic information

F-Secure produces online security and privacy services for consumers and businesses against malware and other threats.

F-Secure Corporation is the parent company of F-Secure Group, incorporated in Finland and domiciled in Helsinki. The Company’s registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of the consolidated financial statements can be downloaded from www.f-secure.com or can be received from the Company’s registered address.

ACCOUNTING PRINCIPLES

The financial statement of F-Secure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).

Foreign currency translation

Foreign currency transactions are translated into the local currency using fixed monthly exchange rates. At the balance sheet date, assets and liabilities denominated in foreign currencies are translated at the European Central Bank rates of exchange prevailing at that date. Exchange rate gains and losses of financial transactions are recognized in the income statement under financial items. Forward rate contracts for hedging purposes are recognized using the exchange rate prevailing at the balance sheet date.

Tangible and intangible assets

Intangible assets include intangible rights and software licenses. Intangible assets recognized on merger consist of technology-based intangible assets. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:

Machinery and equipment 3–8 years

Capitalized development costs 3–8 years

Intangible rights 3–8 years

Intangible assets 5–10 years

Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets’ carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.

Research and development costs

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures incurred on individual projects of totally new products or product versions with significant new features are capitalized.

Inventories

Inventories are valued either by cost or net realizable value, whichever is lower. Cost is determined by the first-in, first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.

Pensions

The pension arrangement is a local statutory arrangement, which is a defined contribution plan. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.

Share-based payment transactions

In F-Secure’s industry it is common practice that incentives are provided to employees in the form of equity-settled share-based instruments. The Company has two kinds of incentive programs: a synthetic warrant-based program and a share-based program.

F-Secure’s synthetic warrant-based programs cover the Group’s key personnel. The synthetic warrant-based program is settled as cash-settled payments. The liability is valued at fair value at grant date and the expense is recognized evenly in the income statement over the vesting period. The Group revalues the liability to fair value at each reporting date. The fair value is determined by using the binomial model. The cumulative expense recognized at grant date is based on the Group’s estimate of the number of warrants that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the warrant is forfeited. The Group updates its estimate of the ultimate number of warrants at each reporting date. Changes in the estimate are recorded in the income statement.

The share-based incentive program is targeted to the Company’s key personnel. The program is divided into an equity-settled and a cash-settled part. The cash-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in liabilities. The cash-settled part is revalued to fair value at each reporting date. The cumulative expense recognized at grant date is based on the Group’s estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement. The share-settled part is valued at fair value and recorded as an expense in the income statement at the end of the vesting period. Fair value is defined using the market value of the share of F-Secure Corporation.


Income taxes

Current income taxes are calculated in accordance with the local tax and accounting rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse.

Revenue recognition

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, Business Suite), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection Service, RDS) and vulnerability management (F-Secure Radar), which may be sold either as cyber security products or as managed services. Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure Freedome, F-Secure KEY, and F-Secure SENSE.

Cyber security product sales include license sales. In the corporate and direct consumer businesses, license agreements consist of initial license agreements and periodic maintenance agreements covering product updates and customer support. License fee revenue included in those agreements is recognized when the product is initially delivered, whereas the license agreements’ maintenance revenue is recognized over the maintenance period. In the operator business, most of the license sales are usage-based and booked based on usage reports, but there are also fixed price operator agreements. The terms of these agreements vary significantly and their revenue recognition is therefore defined case-by-case.

Revenue and costs of fixed-price consulting projects are recognized as revenue and expenditure on the basis of the percentage of completion when the outcome of the project can be reliably estimated. The percentage of completion of the project is specified as the proportion of costs incurred compared to total estimated contract costs. When it is likely that the total costs required for completing the project exceed the total revenue from the transaction, the expected loss is recognized as an expense immediately.

Service revenue, including cyber security consulting and managed services, is recognized at the time of delivery of the service.

Other operating income

Other operating income includes e.g. profits from the sales of fixed assets, rental revenue, and government grants received for research and development projects.

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Treasury shares

The company acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Financial assets

Short-term investments are measured at fair value. Short-term investments consist of interest-bearing debt securities and shares in mutual funds invested in similar instruments. For assets that are actively traded in organized financial markets, fair value is determined by reference to Stock Exchange quoted market bid prices at the close of business on the balance sheet date. Assets for which the fair value cannot be measured reliably are recognized at cost less impairment. The fair value changes of short-term investments are recognized in shareholders’ equity under fair value reserve. When financial assets recognized as available-for-sale are sold, the accumulated fair value changes are released from equity and recognized in the income statement.

Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.


1. NET SALES

EUR 1,000 FAS 2017 FAS 2016

Geographical information

Nordic countries 44,098 43,380

Rest of Europe 68,400 68,294

North America 9,358 8,354

Rest of the world 13,876 14,080

Total 135,732 134,108

2. OTHER OPERATING INCOME

EUR 1,000 FAS 2017 FAS 2016

Rental revenue 65 67

Government grants 1,423 3,759

Other 2,419 2,121

Total 3,907 5,947

3. DEPRECIATION, AMORTIZATION, AND IMPAIRMENT

EUR 1,000 FAS 2017 FAS 2016

Depreciation and amortization of non-current assets

Other intangible assets –1,582 –993

Capitalized development –3,021 –2,001

Intangible assets –4,603 –2,995

Machinery and equipment –994 –1,262

Tangible assets –994 –1,262

Total depreciation and amortization –5,597 –4,257

Depreciation and amortization by function

Sales and marketing –3,437 –1,613

Research and development –1,502 –2,509

Administration –658 –135

Total depreciation and amortization –5,597 –4,257

4. PERSONNEL EXPENSES

EUR 1,000 FAS 2017 FAS 2016

Personnel expenses

Wages and salaries –37,873 –34,408

Pension expenses –6,272 –6,019

Other social expenses –1,558 –2,130

Total –45,703 –42,557

Compensation of key management personnel

Wages and other short-term employee benefits –2,129 –2,240

Wages and other short-term employee benefits

Managing Directors –407 –631

Members of the Board of Directors –225 –279

Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 26. Related party disclosure.

The Managing Director’s retirement age and the determination of his pension conform to the standard rules specified by Finland’s Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 73 thousand euro (117 thousand euro in year 2016). The period of notice for the Managing Director is six (6) months both ways and the Managing Director is entitled to a severance payment equivalent to six (6) months’ salary.

FAS 2017 FAS 2016

Average number of personnel 541 555

Personnel by function Dec 31

Sales and marketing 244 230

Research and development 258 253

Administration 50 47

Total 552 530

5. AUDIT FEES

EUR 1,000 FAS 2017 FAS 2016

Audit fees, PricewaterhouseCoopers –173 –139

Audit related fees, PricewaterhouseCoopers –9

Audit fees, Ernst&Young –78

Tax consulting, Ernst&Young 0 –65

Other consulting, PricewaterhouseCoopers –97 –77

Other consulting, Ernst&Young –43

Total –279 –403


6. FINANCIAL INCOME AND EXPENSES

EUR 1,000 FAS 2017 FAS 2016

Interest income 996 83

Interest expense –13 –11

Other financial income 1,025 581

Dividends 7 11

Exchange gains and losses –1,050 724

Other financial expenses 74 15

Total 1,039 1,403

7. INCOME TAXES

EUR 1,000 FAS 2017 FAS 2016

Income tax for the year –487 –5,740

Adjustments for income tax of prior periods –71 –87

Total –558 –5,828

8. NON-CURRENT ASSETS

| | Intangible assets: Other intangible | Intangible assets: Capitalized development | Intangible assets: Advance payments | Intangible assets: Total | Tangible assets: Machinery & equipment | Tangible assets: Other tangible | Tangible assets: Total |
|---|---|---|---|---|---|---|---|
| Acquisition cost Jan 1, 2016 | 18,536 | 9,633 | 3,044 | 31,214 | 21,288 | 5 | 21,293 |
| Additions | 2,312 | 211 | 4,586 | 7,109 | 1,001 | | 1,001 |
| Transfers | | 3,526 | –3,526 | 0 | | | |
| Disposals | –1,125 | –731 | | –1,856 | –238 | | –238 |
| Acquisition cost Dec 31, 2016 | 19,723 | 12,639 | 4,104 | 36,466 | 22,051 | 5 | 22,056 |
| Additions | 800 | 68 | 5,011 | 5,879 | 657 | | 657 |
| Transfers | 2,966 | 4,047 | –7,013 | 0 | | | |
| Disposals | –10,045 | –1,453 | | –11,498 | –13,339 | | –13,338 |
| Acquisition cost Dec 31, 2017 | 13,444 | 15,301 | 2,102 | 30,847 | 9,368 | 5 | 9,374 |
| Acc. depreciation Jan 1, 2016 | –16,142 | –5,731 | 0 | –21,871 | –19,085 | 0 | –19,085 |
| Depreciation for the period | –993 | –2,001 | | –2,995 | –1,262 | | –1,262 |
| Acc. depreciation of disposals | 1,125 | 731 | | 1,856 | 238 | | 238 |
| Acc. depreciation Dec 31, 2016 | –16,010 | –7,001 | 0 | –23,010 | –20,108 | 0 | –20,108 |
| Depreciation for the period | –1,582 | –3,021 | | –4,603 | –994 | | –994 |
| Acc. depreciation of disposals | 10,048 | 1,453 | | 11,501 | 13,339 | | 13,339 |
| Acc. depreciation Dec 31, 2017 | –7,544 | –8,569 | 0 | –16,112 | –7,763 | 0 | –7,763 |
| Book value as at Dec 31, 2016 | 3,713 | 5,638 | 4,104 | 13,456 | 1,942 | 5 | 1,947 |
| Book value as at Dec 31, 2017 | 5,900 | 6,734 | 2,102 | 14,735 | 1,605 | 5 | 1,610 |


9. INVESTMENTS IN GROUP COMPANIES

EUR 1,000 Shares in group companies Total

Book value as at Jan 1 18,581 18,581

Additions 5,072 5,072

Impairment –300 –300

Book value as at Dec 31 23,353 23,353

Name Country of incorporation Share of ownership (%)

Parent F-Secure Corporation, Helsinki Finland

DF-Data Oy, Helsinki Finland 100

F-Secure Inc., San Jose United States 100

F-Secure (UK) Ltd, London United Kingdom 100

F-Secure KK, Tokyo Japan 100

F-Secure GmbH, München Germany 100

F-Secure eStore GmbH, München Germany 100

F-Secure SARL, Maisons-Laffitte France 98

F-Secure SDC SAS, Bordeaux France 100

F-Secure BVBA, Heverlee-Leuven Belgium 100

F-Secure AB, Stockholm Sweden 100

F-Secure Srl, Milano Italy 100

F-Secure SP z.o.o., Warsaw Poland 100

F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia 100

F-Secure Pvt Ltd, New Delhi India 100

F-Secure Pte Ltd, Singapore Singapore 100

F-Secure B.V., Utrecht Netherlands 100

F-Secure Limited, Hong Kong Hong Kong 100

F-Secure Pty Limited, Sydney Australia 100

F-Secure Iberia SL, Barcelona Spain 100

F-Secure Chile Limitada, Santiago Chile 99

F-Secure Informática S. de R.L. de C.V, Mexico City Mexico 99

F-Secure Danmark A/S, Copenhagen Denmark 100

Inverse Path Srl, Trieste Italy 100

Digital Assurance Consulting Ltd, London United Kingdom 100

10. INVENTORIES

EUR 1,000 FAS 2017 FAS 2016

Other inventories 588 109


12. SHORT-TERM INVESTMENTS

Short-term investments consist of interest-bearing debt securities and shares in funds invested in similar instruments. For assets that are actively traded in organized financial markets, fair value is determined by reference to Stock Exchange quoted market bid prices at the close of business on the balance sheet date. Net asset value (NAV) is used as a practical expedient to measure fair value for the investments in non-listed funds. Assets, for which fair value cannot be measured reliably, are recognized at cost less impairment. The fair value changes of short-term investments are recognized in shareholders’ equity under fair value reserve.

EUR 1,000 FAS 2017 FAS 2016

Fair value as at Jan 1 63,670 64,437

Additions 7,742 9,527

Decreases –17,372 –11,152

Change in fair value –117 901

Impairment –43

Fair value as at Dec 31 53,924 63,670

Shares – unlisted 26 26

Shares – listed 157

Funds 53,898 63,487

Fair value as at Dec 31 53,924 63,670

Original purchase price as at Dec 31 52,695 62,325

13. CASH AND SHORT-TERM DEPOSITS

EUR 1,000 FAS 2017 FAS 2016

Cash at bank and in hand 16,071 15,141

11. RECEIVABLES

EUR 1,000 FAS 2017 FAS 2016

Non-current

Trade receivables

Other receivables 69 69

Total 69 69

Receivables from group companies

Other receivables 671

Total 0 671

Non-current receivables total 69 740

Current receivables

Trade receivables 27,678 24,270

Loan receivables 6 15

Other receivables 89 532

Prepaid expenses and accrued income 7,742 6,947

Total 35,515 31,764

Receivables from group companies

Trade receivables 16,851 14,004

Loan receivables 79 0

Other receivables 456

Prepaid expenses and accrued income 0 0

Total 17,386 14,004

Current receivables total 52,901 45,768

Material items included in prepaid expenses and accrued income

Prepaid royalty 2,507 2,982

Grant receivables 1,637 2,657

Other prepaid expenses 3,598 1,308

Total 7,742 6,947


14. STATEMENT OF CHANGES IN SHAREHOLDERS’ EQUITY

Parent Company FAS

| EUR 1,000 | Share capital | Share premium fund | Treasury shares | Fair value reserve | Unrestricted equity reserve | Retained earnings | Total equity |
|---|---|---|---|---|---|---|---|
| Equity Dec 31, 2015 | 1,551 | 165 | –6,965 | 355 | 5,102 | 66,140 | 66,348 |
| Available-for-sale financial assets, net | | | | 721 | | | 721 |
| Result of the financial year | | | | | | 16,684 | 16,684 |
| Dividend | | | | | | –18,696 | –18,696 |
| Other change | | | 1,224 | | 109 | | 1,333 |
| Equity Dec 31, 2016 | 1,551 | 165 | –5,741 | 1,077 | 5,211 | 64,128 | 66,390 |
| Available-for-sale financial assets, net | | | | –93 | | | –93 |
| Result of the financial year | | | | | | 10,196 | 10,196 |
| Dividend | | | | | | –18,751 | –18,751 |
| Other change | | | 1,166 | | 167 | | 1,333 |
| Equity Dec 31, 2017 | 1,551 | 165 | –4,575 | 983 | 5,378 | 55,573 | 59,075 |


15. SHAREHOLDERS’ EQUITY

The Company’s share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 at the end of the year 2017. See group disclosure 19. Shareholders’ Equity.

Treasury shares

See group disclosure 19. Shareholders’ Equity.

Distributable shareholders’ equity on December 31, 2017

EUR 1,000

Unrestricted equity reserve 5,379

Retained earnings 40,803

Result of the financial year 10,196

Less capitalized development expense –6,734

Distributable shareholders' equity on December 31, 2017 49,644

16. SHARE-BASED PAYMENT TRANSACTIONS

See group disclosure 20. Share-based payment transactions.

17. LIABILITIES

EUR 1,000 FAS 2017 FAS 2016

Non-current liabilities

Deferred revenues 9,567 10,224

Deferred tax liabilities

Tax charged to shareholders' equity

– Change in fair value, available-for-sale 246 269

Other liabilities 3,217

Total 13,030 10,493

Liabilities to the group companies

Other liabilities 1,683 2,405

Total 1,683 2,405

Total non-current liabilities 14,713 12,898

EUR 1,000 FAS 2017 FAS 2016

Current liabilities

Deferred revenues 36,427 30,647

Trade payables 5,236 4,275

Other liabilities 3,548 6,402

Accrued expenses 19,418 17,112

Total 64,628 58,437

Other liabilities include the purchase price of nSense as a deferred payment of EUR 1.3 million in shares.

Liabilities to the group companies

Advance payments 7,984 6,563

Trade payables 16,236 14,069

Other liabilities 101

Total 24,320 20,632

Total current liabilities 88,949 79,069

Material amounts shown under accruals and deferred income

Accrued personnel expenses 11,845 10,639

Deferred royalty 1,695 980

Accrued expenses 4,923 3,637

Accrued tax 956 1,856

Total 19,418 17,112

18. FINANCIAL RISK MANAGEMENT OBJECTIVES AND POLICIES

See Group disclosure 23. Financial risk management objectives and policies.


19. OPERATING LEASE COMMITMENTS

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and five years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:

As lessee

EUR 1,000 FAS 2017 FAS 2016

Within one year 3,106 3,262

After one year but not more than five years 5,406 8,078

Total 8,512 11,340

20. CONTINGENT LIABILITIES

EUR 1,000 FAS 2017 FAS 2016

Guarantees for other group companies 149 101

Other liabilities

Others 24 121

Derivatives see Group disclosure 23. Financial risk management objectives and policies.

21. SHARES AND SHAREHOLDERS

See Group disclosure 28. Shares and shareholders.


AUDITOR’S REPORT (Translation from the Finnish Original)

To the Annual General Meeting of F-Secure Oyj

Report on the Audit of the Financial Statements

Opinion

In our opinion

– the consolidated financial statements give a true and fair view of the group’s financial position and financial performance and cash flows in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU

– the financial statements give a true and fair view of the parent company’s financial performance and financial position in accordance with the laws and regulations governing the preparation of the financial statements in Finland and comply with statutory requirements.

Our opinion is consistent with the additional report to the Audit Committee.

What we have audited

We have audited the financial statements of F-Secure Oyj (business identity code 0705579–2) for the year ended 31 December 2017. The financial statements comprise:

– the consolidated balance sheet, statement of comprehensive income, statement of changes in equity, statement of cash flows and notes, including a summary of significant accounting policies

– the parent company’s balance sheet, income statement, statement of cash flows and notes.

Basis for Opinion

We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and to the group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to the Financial Statements.

Our Audit Approach

Overview

– Overall group materiality: € 1 000 000, which represents 5% of average adjusted profit before tax for the last 3 years.

– Audit scope: We have audited parent company and we have performed audit procedures related to the most significant subsidiary. In addition, we have performed group level procedures over specific consolidated accounts and analytical procedures to assess unusual movements across all entities.

– Key audit matters: revenue recognition and capitalization of R&D costs.

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.

Materiality

The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.


Overall group materiality: € 1 000 000 (previous year € 1 200 000)

How we determined it: 5% of average adjusted profit before tax for the last 3 years. Profit before tax is adjusted for accrued costs of earn-out payments related to acquisitions as those costs are considered as non-recurring in nature.

Rationale for the materiality benchmark applied: The group’s profitability decreased compared to the prior year due to significant investments in both product development and go-to-market strategy in 2017 to improve long-term profitability. Therefore, we chose average adjusted profit before tax for the last 3 years as the benchmark because, in our view, it is the benchmark against which the performance of the Group is most commonly measured by users, and is a generally accepted benchmark. We chose 5% which is within the range of acceptable quantitative materiality thresholds in auditing standards.

How we tailored our group audit scope

We tailored the scope of our audit, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.

Group operates globally through several legal entities. Group’s sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to the most significant subsidiary. We have considered that the remaining subsidiaries don’t present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to targeted audit procedures over significant balances and to analytical procedures performed at Group level.

By performing the procedures above at legal entities, combined with additional procedures at the Group level, we have obtained sufficient and appropriate evidence regarding the financial information of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

Key audit matter in the audit of the group

Revenue recognition

Refer to note 1 to the consolidated financial statements for the related disclosures.

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Consumer security business revenue comes through operator and direct consumer channels.

In the corporate and direct consumer businesses, license agreements consist of initial license agreements and periodic maintenance agreements covering product updates and customer support. License fee revenue included in those agreements is recognized when the product is initially delivered, whereas the license agreements’ maintenance revenue is recognized over the maintenance period. In the operator business, most of the license sales are usage-based and booked based on usage reports, but there are also fixed price operator agreements. The terms of these agreements vary significantly and their revenue recognition is therefore defined case-by-case.

Service revenue, including cyber security consulting and managed services, is recognized at the time of delivery of the service.

Judgment is applied related to timing of revenue recognition of fixed priced operator agreements as those contracts are typically negotiated separately and different contract terms could have significant impact on revenue recognition. In addition, there is judgement involved in assessing timing of revenue recognition for other contracts especially related to allocation of license agreement revenues between license revenue and maintenance revenue.

Due to materiality and judgment associated with the timing of revenue recognition we have considered timing of revenue recognition as key audit matter in the audit of the Group.

This matter is a significant risk of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014.

How our audit addressed the key audit matter

We evaluated the design and tested the operating effectiveness of controls over revenue recognition.

We tested a sample of invoices recognized during the year.

We assessed appropriateness of the company’s revenue recognition policy and tested a sample of revenue agreements to ensure those have been recognized based on contractual terms and based on the company’s revenue recognition policy. We have also tested deferred revenue on a sample basis to assess appropriateness of revenue recognition.

In addition, we tested a sample of fixed priced agreements.


Key audit matter in the audit of the group

Capitalization of R&D costs

Refer to note 12 to the consolidated financial statements for the related disclosures.

Company’s research and development activities have increased due to focus on the development of new products and product amendments both for corporate and consumer customers.

Capitalization of R&D costs requires use of judgment as capitalization requires estimating technical and economical feasibility of the product developed. In addition, there is judgement involved in assessing recoverability of capitalized R&D costs as future cash flows generated by these intangible assets need to be estimated.

Due to materiality and judgment associated with capitalization of R&D costs, we have considered capitalization of R&D as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

We assessed appropriateness of the company’s R&D capitalization policy.

We evaluated the design and operating effectiveness of controls over R&D capitalization.

We assessed whether capitalization criteria for R&D projects are met.

We tested a sample of invoices and personnel related costs capitalized during the year.

We evaluated the relevant assumptions used in the impairment testing of intangible assets, focusing on the reasonableness of the forecasted economic information.

We tested the accuracy of the management’s earlier estimates by performing subsequent review.

We have no key audit matters to report with respect to our audit of the parent company financial statements.

There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the consolidated financial statements or the parent company financial statements.

Responsibilities of the Board of Directors and the Managing Director for the Financial Statements

The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company’s and the group’s ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to cease operations, or there is no realistic alternative but to do so.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

– Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

– Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the parent company’s or the group’s internal control.

– Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.

– Conclude on the appropriateness of the Board of Directors’ and the Managing Director’s use of the going concern basis of accounting and based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the parent company’s or the group’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the parent company or the group to cease to continue as a going concern.

– Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events so that the financial statements give a true and fair view.

– Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Other Reporting Requirements

Appointment

We were first appointed as auditors by the annual general meeting on April 7th 2016. Our appointment represents a total period of uninterrupted engagement of two years.

Other Information

The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report, but does not include the financial statements and our auditor’s report thereon. We have obtained the report of the Board of Directors prior to the date of this auditor’s report and the Annual Report is expected to be made available to us after that date.

Our opinion on the financial statements does not cover the other information.

In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

In our opinion

– the information in the report of the Board of Directors is consistent with the information in the financial statements

– the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

If, based on the work we have performed on the other information that we obtained prior to the date of this auditor’s report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

Helsinki February 8th 2018

PricewaterhouseCoopers Oy
Authorised Public Accountants

Janne Rajalahti
Authorised Public Accountant (KHT)

STATEMENT OF NON-FINANCIAL INFORMATION

In the digital and connected world we currently live in, cyber attacks and malware have the ability to seriously damage global businesses, result in losses of hundreds of millions of euros, and even cause human suffering. For 30 years, F-Secure has been committed to helping people and businesses fight these cyber threats. Improving our customers’ security, resilience and the sustainability of their digital lives or businesses, is why we exist. We believe that through our core business and everyday actions we play a vital role in ensuring the functioning of modern society, and help to maintain trust between people and organizations. Internally, we emphasize the importance of a sense of fellowship among our employees, and we have always put a strong emphasis on shared core values.

F-SECURE IS BUILT ON STRONG VALUES.

F-Secure is committed to sustainable practices in carrying out our business. Corporate responsibility is led by the CEO with the support of the Leadership Team, and with the Board of Directors approving the annual Statement of Non-financial Information. To ensure that corporate responsibility is integrated into all business operations, governance and compliance processes have been established.

This statement lists key areas of responsibility that are considered most material in accordance with the Finnish Accounting Act. Corresponding aspects have been listed in the company’s Code of Conduct, the summary of which is available on the company’s website. Each employee of F-Secure is expected to know and comply with this code and report any suspected violations that they become aware of according to the applicable whistle-blowing processes. F-Secure’s subcontractors are also requested to act in compliance with this code or a corresponding code of their own.

F-SECURE’S BUSINESS MODEL AND VALUE CREATION

Every day, experts at F-Secure Labs analyze around 350,000 unique potential malware samples, equaling hundreds of potential new threats every second. Our cyber security consultants help many of the world’s leading companies to predict, prevent, detect and recover from the most advanced cyber attacks.

By combining sophisticated technology with machine learning and human expertise, F-Secure provides a comprehensive offering of security products and cyber security services for both corporate customers as well as consumers.

For businesses, we offer vulnerability scanning and management solutions, endpoint protection products, detection and response solutions as well as comprehensive security and risk assessment services for top management, along with technical consulting. For consumers, we offer security and privacy solutions for all connected devices. Our products and services offer our customers best-in-class security as has been proven by several independent research institutions. For example, AV-TEST has given F-Secure the Best Protection award for superior technology five times during the past six years – no other company has achieved this.

We offer our products and services to defend thousands of companies and millions of people around the world through our network of around 200 telecommunications operators and thousands of IT service and retail partners. With our partner-led business model, trust has always been a cornerstone of all our operations.

F-Secure strives to cooperate with authorities and law enforcement to investigate online crime, and to bring criminals to justice. In fact, our security experts have participated in more European cybercrime investigations than any other company in the industry. That said, our products are always developed independent of governmental direction.

In our industry, it is critical that appropriate care is taken when handling customer information. Respecting customer privacy is an integral part of our company culture, and F-Secure has published its privacy principles on the company website. When protecting our customers against cyber threats, we strive to do so with minimum risks to their privacy. All F-Secure employees commit to protecting the confidentiality of customer data, and we are currently implementing processes to ensure General Data Protection Regulation (GDPR) is complied with when processing personal data.

Material aspects

While we view improved security of our customers as our key contribution and impact to society, this report concentrates on information on environmental matters, social and employee-related matters, respect for human rights as well as anti-corruption and anti-bribery matters. Risks, risk management, applicable policies and due diligence processes, outcomes of policies, and key performance indicators have been listed for each of these aspects.

Within each aspect, we have tried to identify topics most relevant for F-Secure. If not otherwise stated, focus areas are material for the whole company.

Focus area / Key aspects / Policies / Key performance indicator

CEO and the Leadership Team

Code of Conduct

Focus area: SOCIAL AND EMPLOYEES: We value our employees

Key aspects:

– Securing the right competencies

– Ensuring equality, equal opportunity and diversity

– Ensuring the wellbeing of employees

Policies:

– Recruitment Policy

– Development and training guideline

– Co-operation review policy

– Harassment prevention policy

– Equality plan

Key performance indicator: Employee NPS score

Focus area: ANTI-CORRUPTION AND HUMAN RIGHTS: We operate responsibly

Key aspects:

– Fighting corruption and bribery

– Being responsible in procurement

Policies:

– Supplier Code of Conduct

– Purchase order process

– Anti-corruption policy

Key performance indicator: Number of reported violations

Focus area: ENVIRONMENT: We respect the planet

Key aspects:

– Reducing energy consumption and waste in our offices

– Reducing energy consumption from IT operations

– Travelling sensibly

Policies:

– Office Environmental Policy

– Travel policy

Key performance indicators:

– Total electricity consumption (kWh) in offices

– Electricity consumption (kWh), co-location servers

EMPLOYEE AND SOCIAL MATTERS: WE VALUE OUR EMPLOYEES

F-Secure employs over 1,100 security experts, product developers, sales people and other employees globally. F-Secure’s HR practices emphasize the importance of fellowship, and the company has always put an emphasis on shared values.

As a whole, the cyber security industry is facing increasing competition and there is structural undersupply of suitable experts. Due to this, the most significant risk related to employee and social matters is the company’s ability to identify, attract, retain and develop talent to support the company’s growth. Additionally, in a rapidly evolving industry, the company must also be able to ensure employees constantly update their competences according to market needs. Other important employee-related issues include employee well-being, a healthy work-life balance, and ensuring equality and equal opportunities. F-Secure strives to:

– attract and retain the right competencies and enable people to develop themselves

– ensure everyone has equal opportunity to achieve their maximum potential

– ensure the wellbeing of each employee, and that everyone is valued and treated with respect

To measure success, the company biannually conducts an Employee Net Promoter Score (eNPS) survey among staff to measure employee loyalty.

Human Resources is responsible for developing people management processes, tools, and ways of working. The company’s Leadership Team is responsible for following up on the results of the eNPS survey and ensuring corrective action plans are developed.

Securing the right competencies and constant development

Successful recruitment is crucial for F-Secure’s business success. Our aim is to ensure that we hire professionals with competencies that are in line with F-Secure’s business objectives, culture and values. An internal Global Recruiting policy gives guidance to managers to ensure consistency and equal treatment of candidates, as well as to provide candidates a positive experience with the company.

After recruitment, the responsibility for competence development lies both with the individual employee and his or her manager, as well as with the company. An internal development and training guideline addresses the roles and responsibilities as well as practices related to learning and personal development.

At least once a year, each employee conducts a review discussion with their line manager. This review discussion includes a performance review, objective setting and a development discussion. As a result individual goals are set for personal development. The goal is that every employee completes their review annually. Going forward, F-Secure aims to implement rolling objective setting so goals can be updated during the year. An internal cooperation review policy addresses the responsibilities and practicalities of this process.

Developing the leadership skills of managers is a focus area. All F-Secure leaders participate in a leadership development program called Leadership Bridge during 2016–2018, which is strongly linked to F-Secure culture and strategy. During the same time, F-Secure leaders will also receive a 360-evaluation.

F-Secure has a number of development programs and training available for both managers and employees including:

– Leadership development programs

– Network mentoring programs

– Cyber security competence development

2017: The number of employees continued to increase as F-Secure recruited sales persons, product developers, cyber security consultants and other experts to support the company’s growth. In total the company saw a net addition of 78 employees throughout the year 2017.

To further develop the annual review discussion process, F-Secure introduced a new tool (Workday) enabling for example more dynamic objective setting and feedback possibilities.

At the end of 2017, 69% of leaders had participated in the company’s Leadership Bridge program.


Ensure equality, equal opportunities and diversity

F-Secure employed people of 45 different nationalities at the end of 2017, the majority of which are also represented in the company headquarters. Our commitment to equality of opportunity is clearly explained in our Code of Conduct. F-Secure has prepared an equality plan for 2017–2018 which includes key elements for promoting equality in practice.

Employment is based solely upon individual merit and qualifications related to professional competence. We treat all of our employees, candidates, customers and business partners fairly and equally, without regard to sexual orientation, gender, race, religion and age, according to applicable laws and practices. We prohibit discrimination or harassment of any kind. An internal Harassment Prevention Policy gives instructions on how to manage potential violations.

Violations of any of the aforementioned policies are closely monitored. Violations must be reported either to the HR team, the Compliance Team or to the Board of Directors according to instructions given. The Compliance Team reviews all reported cases and decides on further actions. Third-party experts are consulted if necessary. Violations are reported as part of non-financial reporting where such third-party expert needs to be consulted. Decisions by the Compliance Team are presented to the Leadership team or the Board of Directors for corrective actions.

2017: No violations passing the reporting threshold were reported to the Compliance Team or Board of Directors during 2017.

Ensure the wellbeing of employees

In ensuring the wellbeing of employees, F-Secure emphasizes the importance of good leadership in addition to a preventative approach to health care.

Every employee globally is entitled to basic health care services, but practices vary locally. In certain regions, employees are provided with additional sports benefits, and extended health care services according to local practices. Also, in some locations there are additional benefits such as the possibility to arrange a caretaker for a sick child. The company allows for flexible working hours and the possibility of working remotely. F-Secure offers voluntary wellbeing lectures and training for both employees and managers.

F-Secure closely monitors employee sick leaves. In case of longer sick leaves, the company supports employees, and assists them in returning back to work.

2017: In Finland, a Digi Clinic service was introduced to personnel, enabling employees to contact doctors or nurses 24/7.


ANTI-CORRUPTION AND HUMAN RIGHTS:

WE OPERATE RESPONSIBLY

F-Secure transacts with approximately 4,000 suppliers every year. While the majority of F-Secure’s business is considered to be in low-risk regions in terms of human rights violations, we acknowledge the need to stay alert for possible violations, and evaluate all new partnerships critically. Bribery and corruption are a risk for all companies, and have a detrimental impact on business by undermining good governance and distorting free markets.

We are committed to applying the highest standards of ethical conduct and integrity in our business activities. Similarly, we strive to minimize risks associated with our suppliers.

F-Secure respects human dignity and promotes human rights, and requires respect for the same principles from every F-Secure employee, including freedom of association, freedom of thought, conscience and religion and freedom of opinion and expression. Also, we do not tolerate working conditions that are in conflict with international conventions or practices and support Conventions of the International Labor Organization (ILO). This is clearly explained in our Code of Conduct.

Preventing corruption and bribery

Every employee and individual acting on F-Secure’s behalf is responsible for conducting company business honestly and professionally. We do not tolerate any form of bribery by, or of, our employees or any persons or companies acting for us or on our behalf.

The Code of Conduct explains F-Secure’s general commitment to ethical conduct. We have also issued a specific Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, travelling and accommodation and specific terms concerning governmental officials as well as the process for escalation as needed. The company expects suppliers, subcontractors and partners to comply with the policy or a policy of their own – of similar or higher standard. Ethical practices are emphasized in contracts and the company engages in continuing dialogue with relevant stakeholders.

To evaluate success, F-Secure closely follows all reports of potential violations. Any suspected breaches must be reported, and each alleged violation is investigated in an appropriate and fair manner. Any breach will be dealt with according to relevant policies and laws.

Anti-corruption processes are managed by F-Secure’s legal team.

2017: No violations of the Anti-Bribery Policy were reported in 2017.

Responsible supplier management

The majority of F-Secure’s suppliers are considered to be low risk. In terms of spending, the majority of suppliers provide operating services and marketing services, which represent over 50% of the total supplier spend. Operating services include outsourced sales and product development services, as well as royalties for third-party technology providers. Marketing services include local advertising, as well as search engine and social media advertising. Other significant suppliers include providers of production services, office space rental costs, management consulting, auditing, HR services, and IT equipment and licenses.

F-Secure has a Supplier Code of Conduct, which is a part of the F-Secure agreement template and included in all new agreements. The Supplier Code of Conduct covers both anti-corruption and bribery as well as human rights issues.

When considering new suppliers, each function evaluates the need for supplier auditing together with F-Secure’s procurement. F-Secure offers training to employees who select suppliers and are involved with preparing requests for proposals (RFP) or drafting agreements to enable them to assess the possible risks and take appropriate precautions.

If deemed necessary, the supplier will be issued with a detailed survey focusing on key issues, including responsible business procedures. The supplier must have a process in place to verify compliance towards the Supplier Code of Conduct and must participate in a self-assessment process organized by F-Secure if requested. F-Secure has the right to audit how suppliers and sub-contractors fulfill the Supplier Code of Conduct or corresponding requirements. For any identified non-compliances with the Code of Conduct, the supplier must provide a corrective action plan to be approved by F-Secure.

2017: No violations of the Supplier Code of Conduct were reported in 2017.

F-Secure implemented a new Purchase Order Process to have better visibility of spending and vendors and to mitigate risks. The Request For Proposal (RFP) template was updated to better take into account risks.


ENVIRONMENTAL MATTERS:

RESPECT FOR THE PLANET

The majority of F-Secure’s business activities involve the development, production and delivery of software and professional services. Due to this, the company’s direct environmental impact is limited, and associated risks to the environment are not considered significant. The company’s environmental footprint derives primarily from the use of electricity for office activities – including heating and cooling – as well as the use of electricity from IT operations. Additionally CO2-emissions are created by business travel, and a limited amount of waste is generated by office activities.

F-Secure acknowledges that climate change and other environmental impacts are both global and local concerns, and the company strives to minimize its impact. F-Secure has a precautionary approach to environmental challenges, as stated in our Code of Conduct. We seek to ensure compliance with local legislation, and aim to continuously increase the energy efficiency of our operations and reduce the amount of waste. Where possible and practical, we give preference to ecologically sound suppliers’ products and services. Only a very limited amount of F-Secure’s sales involve physical products, and when they do, packages are made from recycled materials.

To evaluate our success in limiting our environmental impact, F-Secure conducts an annual energy review to estimate our total direct consumption of electricity at the company level.

2017: F-Secure started to systematically calculate direct electricity use at the company level including office energy consumption, travelling and internal server activity. Outsourced third-party servers are excluded due to the unavailability of data.

Reducing energy consumption and waste in our offices

F-Secure has offices in 23 locations globally. The majority of operations are concentrated in Helsinki and Oulu in Finland, Kuala Lumpur in Malaysia, Poznan in Poland and a number of smaller offices throughout Europe, Asia and the Americas.

The company rents office facilities from local real estate providers. Typically a lease agreement includes service charges for electricity and heating, as well as handling of a limited amount of waste generated by office activities. Paper, bio and energy waste are primarily recycled according to local practices. Hazardous waste consists solely of batteries, which are disposed of at suitable recycling points. Electronic waste is recycled carefully and, as appropriate, with careful attention to ensuring confidential waste is specifically managed. Confidential paper waste is also managed with special care.

The company has a new Office Environmental Policy, which sets out the principles of the company’s approach to protecting the environment. The policy also sets out in detail the steps the company and all employees should take to comply with the rule, and improve the environmental efficiency of our operations.

Office processes are managed by F-Secure’s HR & Office Services team.

2017: The company created a new Office Environmental Policy which will be implemented in 2018.

Office services also initiated a discussion at each company office about environmental best practices, with the aim of developing improvement plans. We have also challenged our premises’ owners to provide electricity from renewable sources. During 2018 F-Secure will roll out an environmental impact improvement program at each location to monitor and measure concrete steps taken.

Reducing the energy consumption of IT operations

F-Secure uses both private servers and third-party cloud platforms to develop and run its services.

Currently, approximately 70% of the computing capacity is in co-location facilities, where F-Secure also operates the infrastructure. With third-party cloud platforms, F-Secure mainly partners with Amazon Web Services (AWS).

In co-location facilities, F-Secure is able to directly measure electricity consumption on a monthly basis. F-Secure utilizes server hardware with good energy efficiency (Energy Star), and in Finland the company’s main data center vendor is 100% powered by wind energy.

For third-party providers, electricity consumption data is not available, as electricity costs are part of the overall service contract. That said, Amazon, the main service partner, has publicly announced a goal of being 100% powered by renewable energy (50% in 2017).


Going forward, F-Secure plans to increase the use of third-party servers and decrease the number of privately operated co-location servers. The transition is expected to increase the company’s overall energy efficiency and lower total consumption, as third-party providers run more energy-efficient servers.

All computing capacity is centrally managed by the Production & IT unit.

2017: F-Secure continued to increasingly outsource the company’s server activity. The transition is expected to increase the company’s overall energy efficiency.

Travelling sensibly

As F-Secure’s business grows and expands geographically, more travelling to customer premises is often required.

F-Secure has a Travel policy, which aims to reduce the environmental impact of travelling, minimizing energy consumption and emissions by choosing environmentally friendly means of travelling. The policy requires pre-approval of employee travel, and it also encourages employees to use online conferencing tools when collaborating with our internal and external stakeholders. When travelling, the company recommends using public transport when feasible and trains instead of flights.

To better manage overall travel, F-Secure is consolidating the company’s travel agency agreements from country-specific solutions to a centralized solution.


EMPLOYEE AND SOCIAL

Key performance indicator | Description | 2017
Employee Net Promoter Score 1) | Key performance indicator of overall employee wellbeing. | H1: 9; H2: 13

1) The Net Promoter Score measures employee satisfaction by asking people how likely it is that they would recommend F-Secure as an employer. The score is derived by deducting the share of employees giving low scores (0 to 6, “detractors”) from the share of employees giving high scores (9 to 10, “promoters”). Scores from 7 to 8 are considered neutral.

2017: During the year, F-Secure’s overall Employee Net Promoter Score developed positively from the first half-year (eNPS: 9) to the second (eNPS: 13). The key driver behind the improvement was that the share of detractors decreased while the share of promoters remained at the previous year’s level.

Other metrics | 2017
Number of employees | 1,104
Share of women, of total employees | 22.7%
Share of women, of managers 2) | 15.9%
Sick leaves, % 3) | 3.11%

2) Includes line managers.
3) Sick leave percentage is the average amount of sick days per employee. The figure includes only personnel in Finland, which represents approximately half of the company’s total employees.

2017: During the year, F-Secure continued efforts to recruit more female employees and managers. That said, the industry is facing a common challenge in the low availability of female experts in cyber security which originates from the skewed gender distribution among students in technology.

ENVIRONMENTAL

Key performance indicator | Description | 2017
Electricity consumption, co-location servers, MWh 1) | Key performance indicator for the transition to more efficient computing. | 1,564 MWh
Electricity consumption, offices, MWh 2) | Key performance indicator for increasing energy efficiency in offices. | 1,322 MWh

Other metrics
Travelling emission, CO2, 1,000 kg 3) | 559,5 tons CO2

2017: F-Secure has a very limited environmental impact due to the nature of our business. As F-Secure did not collect data on electricity consumption or emissions prior to 2017, there are no comparison figures available to judge progress during the year.

1) The electricity consumption of co-location servers includes two server facilities in undisclosed locations.
2) The electricity consumption of offices includes approximately 85% of F-Secure’s offices, as a percentage of total employees. Excluded offices are Oulu (Finland), Paris (France), St. Petersburg (Russia), London (UK), New Jersey (US), San Jose (US), Trieste (Italy), Berlin (Germany) and Utrecht (Netherlands).
3) The CO2 emissions from travelling include only air travel and are based on calculations provided by the company’s travel agency.

Table section


Board of Directors

The objective of the Board of Directors is to direct the Company with the aim of achieving the best possible return on invested capital for shareholders in the long term.

The Board’s responsibilities and duties are defined in detail in the Board’s Charter (available on the Company website) and cover the following main areas:

– approving the strategy of F-Secure, overseeing its operations and annual budgets

– approving any major investments, acquisitions, changes in corporate structure or other significant decisions

– ensuring that the supervision of the Company’s accounting and financial management is duly organized

– ensuring that internal control and risk management systems are in place

– approving personnel policies and rewards systems

– preparing matters to be handled by the General Meeting

The Board of Directors meets as frequently as necessary, at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations.

In accordance with F-Secure’s Articles of Association, the Board of Directors comprises three to seven members, which are elected at the Annual General Meeting for a period of office that extends to the following AGM. The majority of Board members shall be independent from the Company and from its major shareholders.

One member of the Board of Directors is elected from F-Secure Corporation’s personnel in the following manner: an election is arranged for F-Secure personnel. Each permanent employee of F-Secure Corporation is eligible as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for

GENERAL GOVERNING PRINCIPLES

F-Secure’s corporate governance practices comply with applicable Finnish laws as well as the rules, regulations and guidelines of Nasdaq Helsinki Oy and the Finnish Financial Supervisory Authority. This statement has been prepared in accordance with the Finnish Corporate Governance Code (publicly available at http://cgfinland.fi/en/) issued by the Securities Market Association of Finland in 2015.

Up-to-date information about F-Secure’s governance is available on the Company’s website at www.f-secure.com/investors.

GOVERNING BODIES

F-Secure’s highest decision-making body is the General Meeting of Shareholders. The Board of Directors is responsible for F-Secure’s strategy and overseeing and monitoring the Company’s business. The CEO, assisted by the Leadership Team, is responsible for managing the Company’s business and implementing its strategic and operational targets.

General Meeting of Shareholders

Under the Limited Liability Companies Act, shareholders exercise their decision-making power at the General Meetings.

The General Meeting is normally held once a year as an Annual General Meeting (AGM). A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting and the Board of Directors has been informed of the requests in due time. The invitation to the AGM is published on the Company’s website.

[Figure: F-Secure governance structure. Labels: Auditors; External control; Internal control; General Meeting of Shareholders; CEO; Leadership Team; Board of Directors; Personnel Committee; Audit Committee; Internal controls and processes; Risk management.]

The AGM decides on matters stipulated by the Company’s Articles of Association and the Limited Liability Companies Act, including:

– the adoption of the Financial Statements

– the distribution of profit for the year

– discharging the members of the Board of Directors and CEO from liability

– the selection of members of the Board and the decision on their remuneration

– the election of the auditor and the decision on auditor’s remuneration, and

– other proposals made by the Board or shareholders

Each share carries one vote in the General Meeting.

2017: The AGM was held on 5 April 2017 at F-Secure premises in Helsinki.

Further details on the resolutions by the AGM are available on the Company website (release published on 5 April 2017) and in the Board of Directors report in the Annual Report.

F-SECURE’S CORPORATE GOVERNANCE STATEMENT 2017


Members of the Board of Directors

Members | Independence of the Company | Independence of major shareholders | Board (Meeting attendance) | Audit Committee (Meeting attendance) | Personnel Committee (Meeting attendance)

Risto Siilasmaa Yes No1) Chairman (13/13) Chairman (4/4)

Pertti Ervi Yes Yes Vice Chairman (13/13) Chairman (5/5)

Ari Inki (as of 5 Apr 2017) No2) Yes Member (6/7) Member (4/4)

Jussi Arovaara (until 5 Apr 2017) Yes Yes Member (6/6) Member (1/1)

Matti Heikkonen Yes Yes Member (11/13) Member (3/4)

Anu Nissinen (until 5 Apr 2017) Yes Yes Member (6/6) Member (1/1) Member (2/2)

Sofie Nystrøm (as of 5 Apr 2017) Yes Yes Member (6/7) Member (4/4)

Bruce Oreck Yes Yes Member (11/13) Member (1/2) Member (3/4)

Janne Pirttilahti (until 5 Apr 2017) No2) Yes Member (6/6) Member (1/1)

Päivi Rekonen (as of 5 Apr 2017) Yes Yes Member (7/7) Member (4/4)

1) Risto Siilasmaa is the founder of F-Secure and on 31 December 2017 owned 37.76% of F-Secure shares.
2) Janne Pirttilahti was elected from F-Secure Corporation’s personnel, according to the process described below in 2016. Ari Inki was elected according to the same process in 2017.

election as a new member of the Board by the Annual General Meeting.

The Board’s Personnel Committee prepares the proposals for board candidates to be approved by the shareholders at the General Meeting. Proposals are based on candidates’ skills and qualifications and on maintaining diversity on the Board of Directors. Currently both genders are represented on the Board of Directors.

For a detailed description of the members of the Board of Directors and their shareholdings see pages 66–68.

Board Committees

The Board has two permanent Committees: Audit Committee and Personnel Committee (nomination and remuneration issues). The duties of both Committees are defined in their charters, available on the Company’s website.

Audit Committee

The Audit Committee reviews, instructs and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also prepares a proposal for the election of the auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate knowledge of and experience in financial and supervisory matters.

Members of the Audit Committee are listed in the table in the previous section. According to the Finnish Corporate Governance Code, the majority of the members of an audit committee must be independent of the company.

Personnel Committee

The Personnel Committee prepares material and gives instructions on issues related to the composition and compensation of the Board of Directors and the remuneration and incentives of key managerial personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders.

Members of the Personnel Committee are listed in the table in the previous section.

2017: The Executive Committee was renamed Personnel Committee at the Annual General Meeting.

President and CEO

The Board of Directors appoints the CEO and decides upon his/her remuneration and other benefits. The CEO is responsible for the day-to-day management of the Company. His/her duties include:

– managing the business according to the instructions issued by the Board of Directors

– presenting the matters to be handled in the Board of Directors’ meetings

– implementing the decisions made by the Board of Directors

– other duties determined in the Limited Liability Companies Act

For a description of the CEO and his shareholdings see page 69 and for his remuneration see Annual Report, Notes to financial statements, 26. Related party disclosures.


Leadership Team

The Leadership Team supports the CEO in the daily operative management and development of the Company. The CEO appoints the Leadership Team members and decides upon the terms and conditions of their employment.

2017: Members of the Company’s Leadership Team on 31 December 2017 were:

– Samu Konttinen, CEO

– Mari Heusala, Executive Vice President, Human Resources and Office Services

– Kristian Järnefelt, Executive Vice President, Consumer Business Unit

– Eriikka Söderström, Chief Financial Officer

– Jyrki Rosenberg, Executive Vice President, Corporate Security Business Unit

– Jari Still, Vice President, Chief Information Officer

– Mika Ståhlberg, Chief Technology Officer

– Jens Thonke, Executive Vice President, Cyber Security Services

– Jyrki Tulokas, Executive Vice President, Strategy & Corporate Development

Current information on the F-Secure Leadership Team can be found on our website: www.f-secure.com/investors.

For descriptions of all members of the Leadership Team during 2017, their roles, respective membership periods and shareholdings, see pages 69–71 of this document.

Management remuneration

Compensation of key management personnel of the Group:

 | 2017 | 2016
Wages and other short-term employee benefits | 2,319 | 2,423
CEO | 407 | 631 1)
Other Leadership Team members | 1,687 | 1,513
Members of the Boards of Directors | 225 | 279
Share-based payments | 1,014 | 768
Total | 3,333 | 3,191

1) Includes the remuneration of two CEOs. In August 2016 Samu Konttinen became the Company CEO, replacing Christian Fredrikson.

Compensation for the CEO in 2017

Wages Fees Incentive reward

Samu Konttinen, CEO 407 312

Compensation for the Board of Directors in 2017

Wages Fees Incentive reward

Risto Siilasmaa, Chairman of the Board 55

Pertti Ervi 40

Matti Heikkonen 30

Sofie Nystrøm (as of 5 Apr 2017) 30

Päivi Rekonen (as of 5 Apr 2017) 30

Bruce Oreck 30

Ari Inki (as of 5 Apr 2017) 10

Total 225


CONTROLS AND OTHER GOVERNANCE ISSUES

MAIN FEATURES OF INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS PERTAINING TO THE FINANCIAL REPORTING PROCESS

Risk management

The objective of F-Secure’s risk management is to ensure a current, correct and holistic understanding and prioritized management of key uncertainties related to strategy implementation and business operations. The process and risk management methods in use are constantly developed to respond to the changing needs of the company. During 2017 the development was concentrated on the risk management framework, and a new model considering the following three risk categories was taken into use.

– Strategic risks: Risks related to strategic objectives and competitive environment, managed by the leadership team and board of directors

– Business risks: Risks that threaten the achievement of the business objectives, identified and managed by the organizational units as part of the operational planning and management

– Operational risks: Risks relating to the company’s daily operations and processes as well as to potential disruptions, managed within the organizational units

The objective in organizing the risk management process has been to empower the organization to identify and manage risks. This approach enables understanding of risk management objectives and distribution of responsibility for risk management decision-making to the appropriate level of the organization.

Different risk modelling and quantification methods developed by the F-Secure risk management consulting services are used to identify and analyze the risks when appropriate. During 2017, a new method for risk quantification was taken into use to analyze selected risks. Financial quantification is useful for analyzing cases where the risk consequence has high variation. In these cases, it is appropriate to create a good understanding of the different possible outcomes of the realization of the risk prior to deciding on the risk treatment strategy.

The most significant risks and their treatment strategies are reported annually to the Audit Committee of the Board of Directors.

The most significant risks

Risks are defined as uncertainties which can impact the achievement of the Company’s short and long term objectives. Risks are assessed as a combination of probability and impact.

Endpoint protection market disruption

The endpoint security market is highly competitive. Operating system manufacturers have increased their focus on built-in security features, and at the same time new vendors and technologies have emerged. Successful security vendors must have an in-depth understanding of the cyber security threat landscape and of the techniques and technologies hackers use, and must continue to innovate in defense technologies.

Market Consolidation

The cyber security market is consolidating due to economies of scale. Companies have to succeed in choosing the right acquisition targets, as well as successfully integrate target companies.

Failure to innovate and develop new technologies

In a rapidly evolving industry it is vital to keep the products and services relevant to the customers while introducing new technologies to the market. The Company is driving technology simplification and R&D effectivization initiatives as well as investments in artificial intelligence to ensure a competitive product portfolio.

Failure to attract and retain talent

Competition for capable personnel is increasing and there is a structural undersupply of talent in the security industry. The Company is thus further developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing in training and development of personnel.

Other notable risks

Other risks that affect the F-Secure business include but are not limited to:

– Intellectual property (IPR) claims against F-Secure

– Risk exposure from contractual liability requirements

– Failure of new product launches

– Potential security threats related to F-Secure’s products and services

– Credit risk due to regional political or financial climate and regulation

– Tax risk relating to changing laws and regulations and interpretations of said regulations by the relevant authorities

2017: F-Secure has continued the development of the risk management process. The objective has been to empower the organization to identify and manage risks more effectively through the adoption of new risk modelling and quantification methods.

Internal control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The Company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The Company’s finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.

2017: F-Secure implemented a new integrated Finance and Human Resources ERP system that has further improved internal processes and controls.

Internal audit

F-Secure’s Audit Committee considers regularly the need for and appropriateness of a separate Internal Audit function. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the Company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the Company’s finance department with active involvement by the legal team. 

The absence of a separate Internal Audit function is considered when defining the scope of the Company’s external audit. Where necessary, the Board may also purchase Internal Audit services from an external provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors and the head of the Company’s legal team to discuss matters related to their areas of responsibility.

The Company has introduced two direct lines through which all employees can notify the Board and Leadership Team of any unethical activity or abuse.

Insider issues

F-Secure’s IR function is in charge of the company’s insider issues, with the exception of project-based insider issues, which are managed by the Legal department. The Company follows the insider regulations of Nasdaq Helsinki Oy and has adopted the new Market Abuse Regulations (EU, No 596/2014, “MAR”), which came into force on 3 July 2016. F-Secure has published an internal guideline on insider issues and regularly trains employees and management on insider issues.

Insider registries

F-Secure maintains three separate lists of insiders and other persons relevant for insider issues:

– project based insiders (maintained by the Legal team)

– list of persons discharging managerial responsibilities, as well as persons closely associated with them, as specified by MAR

– other insiders, including people participating in the preparation of financial reporting or otherwise having access to significant non-published financial information.

Managers’ transactions

Persons discharging managerial responsibilities (“Managers”) comprise the Board of Directors, the CEO, the CFO and other members of the Leadership Team. These persons have a duty to notify F-Secure and the Finnish Financial Supervisory Authority, within three business days, of every transaction on their own account relating to Financial Instruments of F-Secure. The Company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers’ transactions are available on the Company’s website.

Closed window

Insiders and their interest parties are not entitled to trade shares, options, or other securities during the 30 days prior to the publication of financial reports. Additionally, project-based insiders are never entitled to trade shares, options, or other securities during the duration of an insider project, including the day the insider information is made public.

Silent period

F-Secure observes a silent period of 21 days before each quarterly report announcement. During the silent period, the Company will arrange neither meetings nor conference calls with the investor community.

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

2017: F-Secure has been audited by PricewaterhouseCoopers with Janne Rajalahti, Authorized Public Accountant, as the responsible auditor.

F-Secure paid the auditor EUR 173,000 in audit fees (2016: EUR 144,500), and EUR 106,000 (2016: EUR 77,280) for non-audit services.


DETAILED DESCRIPTIONS

BOARD OF DIRECTORS

In this section are the biographies of the Members of the Board of Directors during 2017. Shareholdings are listed as of 31 December 2017 unless otherwise stated.

RISTO SIILASMAA
Chairman of the Board of Directors since 2006
Board member since 1988
Born 1966, M.Sc. (Engineering)
Main employment history:
Currently Chairman of the Board, F-Secure Corporation, 2006–
President and CEO, F-Secure Corporation, 1988–2006
Founder, F-Secure Corporation
Interim CEO, Nokia Corporation, 2013–2014
Current board memberships and public duties:
Chairman of the Board, Nokia Corporation, 2012–
Chairman of the Board, The Federation of Finnish Technology Industries, 2016–
Vice Chairman, Confederation of Finnish Industries, EK, 2017–
Member of ERT European Round Table of Industrialists, 2013–
Holdings: number of shares 59,969,896, holding 37.76%

PERTTI ERVI
Board member since 2003, Chairman of the Audit Committee
Born 1957, B.Sc. (Electronics)
Main employment history:
Currently an independent management consultant
Co-CEO, Member of the Executive Board, Computer 2000 AG, 1995–2000
Co-founder, Managing Director, Computer 2000 Finland Oy, 1983–1995
Has worked at international management levels with major IT vendors such as Cisco, IBM, Intel, HP, and Microsoft.
Current board memberships and public duties:
Chairman of the Board 2011–, Member of the Board 2008–, Efecte Corporation
Chairman of the Board 2017–, Member of the Board 2009–, Teleste Corporation
Chairman of the Board, Mintly, 2017–
Holdings: number of shares 51,036

MATTI HEIKKONEN
Board member since 2013
Born 1976, M.Sc. (Eng.)
Main employment history:
Senior Executive Vice President, Global Operations and Partner, QuestBack AS, 2010–
Entrepreneur and CEO, Digium Ltd, 2007–2010
Head of Nokia-Cisco Systems Global Alliance, Nokia Corporation, 2004–2007
Entrepreneur and CEO, Triple Check Ltd, 2002–2004
Researcher, Aalto University, Finland, 2002–2004
Group Marketing Director, Business Unit Manager and Partner, Done Solutions Corp, 2000–2002
Entrepreneur and CEO, Identia Ltd, 1998–2000
Current board memberships and public duties:
Chairman of the Board, Benemen Oy, 2018–
Board member of Mobile Wellness MWS Oy, 2017–
Holdings: number of shares 23,565

ARI INKI
Board member since April 2017
Born 1974, B. Sc. (Computer Engineering), MBA
Main employment history:
Chief Architect and Vice President of Architecture & Platforms, F-Secure, 2017–
Chief Architect and Head of Technology Office, F-Secure, 2011–2017
Various research and development roles, F-Secure, 2008–2017
Information Security Specialist, TietoEnator, 2007–2008
Architect, Technical Product Manager and Software Developer, F-Secure, 1999–2007
Holdings: number of shares 6,856

SOFIE NYSTRØM
Board member since April 2017
Born 1978, Ms. Sc. (Computer Science)
Main employment history:
Director, NTNU Center for Cyber and Information Security, 2015–
Vice President, Head of Group Security, Telenor Group, 2014–2015
Executive Vice President, Chief Information Security Officer, DNB Bank, 2008–2013
Director, Symantec Norway, Consulting services, 2006–2008
Manager, National Security Authority, Norway, 2004–2006
Holdings: number of shares 2,830

BRUCE ORECK
Board member since 2016
Born 1953, LL.M. (Taxation)
Main employment history:
Executive in Residence, Aalto University, 2016–
Ambassador to Finland, United States, 2009–2015
Founding and managing partner, Oreck, Bradley, Crighton, Adams & Chase, 2005–2009
Executive Vice-President and General Counsel, Oreck Corporation, 1993–2003
Current board memberships and public duties:
Member of the Board, U.S. Green Building Council (USGBC), 2016–
Member of the Board, Earth Day Network, 2016
Holdings: number of shares 8,123

PÄIVI REKONEN
Board member since April 2017
Born 1969, M. Sc. (Economics), M.Sc. (Social Sciences)
Main employment history:
Currently an independent strategy advisor, 2018–
Managing Director, Group Technology, USB, 2014–2018
Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012
Head of IT, Credit Suisse, 2007–2009
Various leadership roles, Cisco Systems, 1998–2007
Various leadership roles, Nokia, 1990–1998
Holdings: number of shares 2,830

NON-CURRENT MEMBERS

JUSSI AROVAARA
Board member since 2010 (until April 2017)
Born 1966
Main employment history:
Vice President, Global Sales, Corel Corporation (UK) 2012–
Vice President, Global Operations, Corel Corporation (UK), 2010–2012
Senior Director, International Sales and Marketing Operations, Corel Corporation (UK), 2005–2009
Director, International Product Marketing, Corel Corporation (UK), 2004–2005
Vice President, EMEA Sales, Corel Corporation (UK), 2002–2004
Vice President, Sales Operations, Corel Corporation (Canada), 1999–2001
Earlier has worked in several sales and marketing positions in computer wholesaling.
Holdings: number of shares 38,833 (April 2017)

JANNE PIRTTILAHTI
Board member since April 2016 (until April 2017)
Born 1976, Undergraduate Student of Science
Main employment history:
Vice President, R & D, Corporate Security, F-Secure, 2016–
Various roles, F-Secure, 2005–
Sales manager, Rommon Oy, 2003–2005
Product Manager, Bonware Oy, 2001–2003
Current board memberships and public duties:
Member of the Board of Directors, Loopback Oy, 2005–
Holdings: number of shares 8,603 (April 2017)

ANU NISSINEN
Board member since 2010 (until April 2017)
Born 1963, M.Sc. (Economics)
Main employment history:
Founder, Digma Design Oy 2016–
Founding partner, Era Content Oy, 2016
Founding partner and CEO, Era Content Oy, 2014–2015
CEO, Sanoma Media Finland Ltd, and a Member of the Executive Management Group of Sanoma, 2011–2013
President, Sanoma Entertainment Ltd, 2008–2011
Member of the Executive Management Group, Sanoma, 2008–2010
President, SW Television Ltd/Welho, 2004–2008
Marketing Director, Helsinki Televisio Ltd, 2001–2004
Marketing Manager, Oy Sinebrychoff Ab, 1998–2000
Current board memberships and public duties:
Member of the Board, DNA Oy, (2010–2012) 2014–
Member of the Board, Siili Solutions Oyj, 2014–
Member of the Board, Kesko Oyj, 2015–
Member of the Board, Viestilehdet Oy, 2015–
Holdings: number of shares 38,833 (April 2017)

LEADERSHIP TEAM

In this section are the biographies of all the members of the Leadership Team during 2017. Shareholdings are listed as of 31 December 2017 unless otherwise stated.

SAMU KONTTINEN
President and CEO
Born 1973
Member of the Leadership Team since 2009
Main employment history:
President and CEO, F-Secure, 2016–
Executive Vice President, Corporate Security, F-Secure, 2016
Executive Vice President, Consumer Security, F-Secure 2014–2016
Executive Vice President, Customer and Market Operations, F-Secure, 2012–2014
Vice President, Sales and Marketing, F-Secure, 2011–2012
Vice President, Sales and Geographical Operations, F-Secure, 2009–2011
Vice President, Mobile Business Unit, F-Secure, 2007–2009
Various leadership roles in sales and channel management, F-Secure, 2005–2007
Vice President, Sales, Valimo Wireless, 2001–2005
Current Board Memberships:
Member of the Board, Digitalist Plc, 2011–
Member of the Board, Information Technology branch group, Technology Industries of Finland, 2016–
Chairman of the Board, Finnish Information Security Cluster (FISC), 2017–
Holdings: number of shares 82,103

MARI HEUSALA
Executive Vice President, Human Resources and Office services
Born 1966, M.Sc. (Economics)
Member of the Leadership Team since 2015
Main employment history:
Executive Vice President, Human Resources and Office Services, 2015–
Senior Vice President, Human Resources & Development, Basware Corporation, 2009–2015
Various global HR director positions, Nokia, 1997–2009
Project Coordinator, Northrop Grumman International Aircraft Inc, 1993–1996
Holdings: number of shares 1,800

KRISTIAN JÄRNEFELT
Executive Vice President, Consumer security
Born 1965, M.Sc (Economics)
Member of the Leadership Team since 2016
Main employment history:
Executive Vice President, Consumer security, F-Secure, 2016–
Director, Sales, Fujitsu Finland Oy, 2014–2015
CEO and partner, Miradore Oy, 2010–2014
CEO and partner, Concilio Networks Oy, 2006–2009
Various senior leadership roles, Hewlett-Packard, 1994–2006
Holdings: –

JYRKI ROSENBERG
Executive Vice President, Corporate Security
Born 1971, M.Sc. (Communication), MBA
Member of the Leadership Team since 2016
Main employment history:
Executive Vice President, Corporate Security, F-Secure, 2016–
CEO and a member of the Board, MixRadio Ltd 2015–2016
Vice President, Entertainment Businesses, Microsoft Devices Group, Nokia Corporation, 2012–2015
Various senior roles in marketing, sales, product development and general management, Nokia, 1996–2012
Holdings: –

JARI STILL
Vice President, Information and Business Services (as of February 2016)
Born 1965, B.Sc
Member of the Leadership Team since 2012
Main employment history:
Chief Information Officer, F-Secure, 2016–
Vice President, Information and Business Services, F-Secure, 2012–2016
Head of Research and Development, Mobile Business Unit, F-Secure, 2000–2012
Co-founder and CEO, Modera Point Oy, 1991–2000
Various product development and management roles in Finnish telecommunication and software companies, 1987–1991
Holdings: number of shares 100,657

MIKA STÅHLBERG
Chief Technology Officer (as of February 2016)
Born 1973, M.Sc. (Engineering), Officer’s degree
Member of the Leadership Team since 2016
Main employment history:
Chief Technology Officer, F-Secure, 2016–
Director, Strategic Threat Research, F-Secure, 2014–2016
CTO, Security, F-Secure, 2012–2014
Vice President, Labs, F-Secure, 2009–2012
Director of Security Research, F-Secure, 2008–2009
Various positions, F-Secure, 2004–2008
Various positions, Finnish Defense Forces, 1998–2004
Holdings: number of shares 29,263

ERIIKKA SÖDERSTRÖM
Chief Financial Officer (as of February 2017)
Born 1968, M.Sc. (Econ.)
Member of the Leadership Team since 2017
Main employment history:
CFO, KONE Corporation, 2013–2016
CFO, Vacon Corporation, 2009–2012
CFO, Oy Nautor Ab, 2008
Various senior finance leader roles, Nokia Networks and Nokia Siemens Networks, 1994–2007
Current board memberships:
Member of the Board, Valmet, 2017–
Holdings: number of shares 40,000

JENS THONKE
Executive Vice President, Cyber Security Services
Born 1966
Member of the Leadership Team since 2015
Main employment history:
Executive Vice President, Cyber Security Services, F-Secure, 2015–
CEO, nSense, 2009–2015
CEO, Ezenta, 2000–2009
Holdings: number of shares 166,359

JYRKI TULOKAS
Executive Vice President, Strategy and Corporate Development
Born 1975, M.Sc. (Economics)
Member of the Leadership Team since 2016
Main employment history:
Executive Vice President, Strategy and Corporate Development, F-Secure, 2016–
Various leadership roles in product management, marketing, strategy and business development operations, F-Secure, 2007–2016
Head of Business Development, Suunto, 2005–2007
Holdings: –

NON-CURRENT MEMBERS

SAILA MIETTINEN-LÄHDE
Chief Financial Officer (until February 2017)
Born 1962, M.Sc. (Engineering)
Member of the Leadership Team between 2015–2017

INFORMATION FOR SHAREHOLDERS

The main goal of F-Secure’s investor communications is to make available correct, up-to-date information about F-Secure and its operations – impartially and simultaneously to all interest groups.

All published investor information including annual reports, interim reports, as well as stock exchange and press releases are available on the Group’s website www.f-secure.com/investors. All investor information is published in English and in Finnish.

Subscriptions for the emailing list for stock exchange releases can be made by sending your contact details to [email protected].

F-Secure publishes a financial statement release, a half year report and two interim reports during 2018 and arranges news conferences for media and analysts at the time of publishing of the quarterly reports. F-Secure observes a three-week silent period before the publishing of each quarterly report. During this time, F-Secure neither arranges meetings nor phone conferences with investors or analysts.

Annual General Meeting

The Annual General Meeting of F-Secure Corporation is scheduled to be held on Wednesday, 4 April 2018. More information on how to attend as well as the documents for the meeting are available on the Group’s webpage www.f-secure.com/agm.

Financial calendar for 2018

Q1 Interim Report 4 May
Q2 Half year report 8 August
Q3 Interim Report 2 November

F-Secure share facts

Listing since (1999) NASDAQ OMX Helsinki Ltd.
Trading symbol FSC1V
Number of shares 158,798,739

IR Contacts

For any inquiries on F-Secure as an investment target, please contact:

Tapio Pesola, Investor Relations
[email protected]
+358 44 3734693

F-Secure Corporation
Corporate Headquarters
Tammasaarenkatu 7
P.O. Box 24
00181 Helsinki, Finland
Tel. +358 9 2520 0700
www.f-secure.com

Content: F-Secure. Design and layout: Kreab. Photographs: F-Secure.


F-Secure Corporation
Tammasaarenkatu 7
P.O. Box 24, 00181 Helsinki
Tel. +358 9 2520 0700

[email protected]

AT YOUR SIDE, WATCHING YOUR BACK.